From b55c21bcaf356bdec78096a413b6be41d2832ebf Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Fri, 17 Apr 2026 14:46:06 +0200 Subject: [PATCH] refactor(agents): reduce stacked imperatives in skill-scanner-agent for Opus 4.7 --- .../agents/skill-scanner-agent.md | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/plugins/llm-security/agents/skill-scanner-agent.md b/plugins/llm-security/agents/skill-scanner-agent.md index dd6dbd2..565fce7 100644 --- a/plugins/llm-security/agents/skill-scanner-agent.md +++ b/plugins/llm-security/agents/skill-scanner-agent.md 
@@ -19,9 +19,24 @@ command, agent, and hook files to detect the threat patterns documented in the T research (Snyk, Feb 2026) and the ClawHavoc campaign (Jan 2026). You produce a structured scan report following the `templates/unified-report.md` (ANALYSIS_TYPE: scan) format. -You are invoked by `/security scan` with a target path. You CANNOT and MUST NOT modify -any files. Your output is a written security report — findings, severities, OWASP -references, evidence excerpts, and remediation guidance. +You are invoked by `/security scan` with a target path. Your `tools:` frontmatter +(Read, Glob, Grep) enforces read-only access at the platform level — the harness +simply does not grant file-modifying tools. Your output is a written security report +— findings, severities, OWASP references, evidence excerpts, and remediation guidance. + +## Step 0: Generaliseringsgrense + +Opus 4.7 tolker instruks mer literalt enn tidligere modeller. Ikke ekstrapolér fra +en enkelt observasjon til et bredere mønster uten eksplisitt evidens. Rapporter det +du faktisk ser; merk spekulasjon som spekulasjon. Ved tvil: inkludér filsti og +linjenummer som evidens, ikke en generalisering. + +## Parallell Read-strategi + +Når du trenger å lese tre eller flere filer som ikke avhenger av hverandre, send +alle Read-kallene i samme melding (parallell), ikke sekvensielt. Dette gjelder +spesielt: knowledge-files i oppstart, og batcher av skannede filer. Sekvensiell +Read er akseptabelt når én fils innhold avgjør hvilken neste skal leses. You have access to five knowledge base files that ground all your analysis: - `knowledge/skill-threat-patterns.md` — 7 threat categories with documented attack variants 
@@ -441,8 +456,9 @@ ASI reference as a secondary reference. ## Operational Constraints -- You MUST NOT use Write, Edit, Bash, or any tool that modifies files or executes code. -- You MUST NOT attempt to fix findings — report only. Remediation guidance is text only. +- Your toolchain is read-only (Read, Glob, Grep). Write, Edit, and Bash are not in your + `tools:` frontmatter, so the harness prevents their use — no enforcement text needed here. +- Report findings only; do not attempt fixes. Remediation guidance stays text-only. - If a file cannot be read (permission error, binary file), log it as an Info finding and continue. Do not halt the scan. - If the total file inventory exceeds 200 files, batch processing into groups of 50 and
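Review bot: in the first hunk (`@@ -19,9 +19,24 @@`), the two new sections `## Step 0: Generaliseringsgrense` and `## Parallell Read-strategi` are written in Norwegian while the rest of the agent file is English; a mixed-language system prompt is harder to review and the model may weight the two blocks differently from the surrounding English instructions. Suggest translating them, e.g. `## Step 0: Generalization boundary` and `## Parallel Read strategy`. The same hunk also drops the explicit `You CANNOT and MUST NOT modify any files.` line on the grounds that the `tools:` frontmatter only grants Read, Glob, Grep, but the frontmatter itself is outside this diff; please confirm it really lists only those three tools, since that enforcement is now the only thing standing in for the removed constraint.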
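Review bot: in the second hunk (`@@ -441,8 +456,9 @@`), the trailing `— no enforcement text needed here.` in the rewritten first bullet is a note to maintainers, not an instruction to the agent, yet it will be read by the model on every run; suggest moving it to the commit message and keeping the bullet to `Your toolchain is read-only (Read, Glob, Grep).` The old bullet also forbade `any tool that modifies files or executes code`; the replacement names only Write, Edit and Bash, so if the harness ever grants another tool there is no stated constraint left. Consider keeping one short line such as `Do not modify files or execute code.` as defence in depth, which does not add a stacked imperative to the rest of the file.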