Agent Safety Preflight
Overview
Agent Safety Preflight helps Claude inspect a local repository before making AI-agent-assisted edits. It produces a compact Green, Yellow, or Red risk receipt from local files only, with special attention to destructive shell patterns, credential-writing automation, agent authority surfaces, uncommitted changes, and unavailable git state.
The skill pairs with the /agent-preflight command in this plugin. Prefer the bundled lightweight scanner when it is available from a trusted Claude install root, then explain the decision and next safe action before editing.
Prerequisites
- A local repository or workspace path to inspect.
- Python 3 available for the bundled
agentpreflightlite.py scanner.
- Git available when the workspace is a git repository.
- Permission to read the target workspace locally.
Do not send source, secrets, tokens, private repository contents, payment credentials, or environment variables to external services while using this skill.
Instructions
- Confirm the target repository path. Use the current workspace unless the user supplied a path.
- Use
Read only for local documentation or configuration files that explain the workspace; do not copy private source into the response.
- Run
/agent-preflight when the command is installed, or invoke the bundled scanner from a trusted Claude install root.
- If the scanner is unavailable, apply the same manual decision rules: destructive commands, credential-writing automation, risky agent authority, git state, and high-risk shell or network install chains.
- Classify the workspace as Green, Yellow, or Red.
- Report the decision, evidence, and next safe action before making edits.
- For Yellow results, ask for a checkpoint or narrower scope before broad edits.
- For Red results, stop and request human review before changing files.
Output
Return a short receipt in Markdown that is safe to paste into the local work log or pull request notes:
## Agent Safety Preflight Receipt
- Decision: Green | Yellow | Red
- Repository: <path>
- Git state: clean | dirty | unavailable
- Risk buckets: <bullets>
- Evidence: <file/path markers>
- Next safe action: proceed | checkpoint | stop
Error Handling
- If the scanner cannot be found from a trusted install root, say that the automated scanner did not run and use the manual rules.
- If git status is unavailable, classify the workspace as Yellow rather than Green.
- If a file cannot be decoded, scan the readable prefix with tolerant UTF-8 decoding and include a note if relevant evidence may be incomplete.
- If a destructive or credential-writing marker appears in an agent-controlled path, classi