Enforces layered safety rules for CLI commands against Azure, GitHub, and remote infrastructure. Implements blocked, confirm-first, and allowed command tiers with Azure-native, GitHub Actions, and tool-use architecture patterns.
This skill has safety concerns that you should review before use. Some patterns were detected that may pose a risk.Safety score: 60/100.
KillerSkills scans all public content for safety. Use caution before installing or executing flagged content.
Enforce the Agent Development Constitution for safe CLI operations against Azure, GitHub, and remote infrastructure.
This skill implements a three-tier command safety policy (Blocked / Confirm / Allowed) for CLI operations that interact with remote infrastructure. It prevents catastrophic operations, requires confirmation for high-risk commands, and allows safe read-only and local operations.
These commands are **permanently blocked**. If the user requests them, **refuse execution** and explain the risk.
**Azure CLI - Blocked:**
**GitHub CLI - Blocked:**
**Git - Blocked:**
**Shell - Blocked:**
These commands require **explicit human approval** before execution. State the full command and wait for confirmation.
**Azure CLI - Confirm First:**
**GitHub CLI - Confirm First:**
**Git - Confirm First:**
**General - Confirm First:**
These commands are safe and can be executed without confirmation.
**Read-only queries:**
**Local operations:**
**Non-destructive writes:**
1. **Azure-native**: Prefer Azure-managed services via resource groups
2. **GitHub + Actions**: All deployments through GitHub Actions workflows
3. **Tool-use pattern**: System prompt guides, LLM reasons, tools execute
4. **Modularity**: Each tool is a testable, composable unit
5. **Defense in depth**: Prompt constraints + code enforcement
When the user requests a CLI command:
1. **Parse the command** — Identify the tool (az, gh, git, shell) and the operation
2. **Check against Tier 1 (BLOCKED)** — If blocked, refuse execution and explain the risk
3. **Check against Tier 2 (CONFIRM)** — If confirm-required, state the full command and ask for explicit approval
4. **Check against Tier 3 (ALLOWED)** — If allowed, execute the command safely
5. **When in doubt** — If the command touches remote infrastructure and classification is unclear, default to **Confirm** tier
**Example 1: Blocked Command**
User: "Delete the staging resource group with `az group delete --name staging-rg`"
Response:
```
I cannot execute `az group delete` — this command permanently deletes entire resource groups and is blocked by the Agent Development Constitution. If you need to remove resources, please do so manually through the Azure Portal or request a human operator to perform this action.
```
**Example 2: Confirm-Required Command**
User: "Deploy the app with `az webapp deploy --resource-group prod-rg --name myapp --src-path ./dist`"
Response:
```
This command deploys to production infrastructure and requires confirmation:
`az webapp deploy --resource-group prod-rg --name myapp --src-path ./dist`
This will deploy the contents of ./dist to the production web app 'myapp' in resource group 'prod-rg'.
Do you want me to proceed with this deployment? (yes/no)
```
**Example 3: Allowed Command**
User: "Show me the current Azure account details"
Response:
```
Running: `az account show`
[Output of command]
```
Leave a review
No reviews yet. Be the first to review this skill!
# Download SKILL.md from killerskills.ai/api/skills/agent-development-constitution/raw