
feat: multi-layer skill guardrails and security hardening#27

Merged
initializ-mk merged 1 commit into main from skills/k8s-cost on Mar 11, 2026
Conversation

@initializ-mk
Contributor

Summary

  • Skill guardrails — Skills can declare deny_commands, deny_output, deny_prompts, and deny_responses patterns in SKILL.md frontmatter, enforced via hooks at all four agent loop interception points
  • Runtime fallback — Skill guardrails fire without forge build by parsing SKILL.md directly at startup
  • file:// protocol blocking — cli_execute rejects file:// URLs (case-insensitive) to prevent filesystem traversal via curl file:///etc/passwd
  • Capability enumeration prevention — Layered defense: input-side prompt interception, output-side response replacement, generic tool descriptions, and shell denylist filtering at construction time
  • Documentation — Updated guardrails, tools, skills, hooks, runtime, and security overview docs

Test plan

  • go test ./... passes in forge-core, forge-cli, forge-skills
  • golangci-lint run passes in all modules
  • forge run (no build) with k8s-cost-visibility skill blocks kubectl auth can-i --list
  • cli_execute curl file:///etc/passwd is rejected by argument validation
  • "what are the approved tools" prompt is intercepted by deny_prompts
  • LLM response listing 3+ binary names is replaced by deny_responses
  • Doc links validated — no broken cross-references
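An added Go example, not the project's own code, showing the two checks the summary describes: the case-insensitive file:// rejection in argument validation and deny pattern matching of the kind a skill would declare in SKILL.md frontmatter. The function names, the regex-based matching and the sample patterns are assumptions for illustration, not forge's real API.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CompileDeny compiles deny_* pattern strings case-insensitively.
// (Assumed representation: one regexp per frontmatter pattern.)
func CompileDeny(patterns ...string) []*regexp.Regexp {
	out := make([]*regexp.Regexp, 0, len(patterns))
	for _, p := range patterns {
		out = append(out, regexp.MustCompile("(?i)"+p))
	}
	return out
}

// HasFileURL reports whether any argument contains a file:// URL.
// It lowercases first so FILE:// or File:// cannot bypass the check,
// and matches anywhere in the argument (e.g. --url=file:///...) rather
// than only at the start, erring on the side of rejecting.
func HasFileURL(args []string) bool {
	for _, a := range args {
		if strings.Contains(strings.ToLower(a), "file://") {
			return true
		}
	}
	return false
}

// FirstDenyMatch returns the first pattern matching text, or "" if none.
func FirstDenyMatch(patterns []*regexp.Regexp, text string) string {
	for _, re := range patterns {
		if re.MatchString(text) {
			return re.String()
		}
	}
	return ""
}

func main() {
	// Constructed deny_commands pattern covering the test-plan case.
	denyCommands := CompileDeny(`kubectl\s+auth\s+can-i\b.*--list`)
	fmt.Println(FirstDenyMatch(denyCommands, "kubectl auth can-i --list"))
	fmt.Println(HasFileURL([]string{"curl", "FILE:///etc/passwd"}))
}
```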

@initializ-mk initializ-mk merged commit 1095f34 into main Mar 11, 2026
9 checks passed
