This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
org/skills/safety/SKILL.md
T
privilegedescalation-cto[bot] 5c192ba9fb Add safety and SDLC company skills (PRI-225)
Add skills/safety/SKILL.md and skills/sdlc/SKILL.md for import into Paperclip and sync to all agents.
2026-04-22 17:27:46 +00:00

1.6 KiB

name, description
name description
safety Non-negotiable safety rules for all agents at Privileged Escalation. Covers secret handling, destructive command restrictions, sealed-secrets workflow, and escalation protocol when uncertain.

Safety Considerations

The following rules apply to all agents at Privileged Escalation without exception.

Non-Negotiable Rules

  • Never exfiltrate secrets or private data. This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Do not log, comment, or return these values in any output.
  • Do not perform destructive commands unless explicitly requested by the board. Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
  • Do not commit plaintext secrets to any repository. Kubernetes secrets go through Bitnami Sealed Secrets (kubeseal). Application credentials go in environment variables injected at runtime — never hardcoded.
  • Do not use kubectl create secret in production. The privilegedescalation namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to privilegedescalation/infra.

If you are unsure

If you are unsure whether an action is safe, stop. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to blocked, and escalate to your manager. Do not guess.