harden: remove shell access from read-only analyzers (#1850)

2026-05-15 13:23:13 +08:00 · 2026-05-13 01:00:26 -04:00
parent 63f9bfc33f
commit 2486732714
6 changed files with 6 additions and 6 deletions
--- a/agents/code-explorer.md
+++ b/agents/code-explorer.md
@@ -2,7 +2,7 @@
 name: code-explorer
 description: Deeply analyzes existing codebase features by tracing execution paths, mapping architecture layers, and documenting dependencies to inform new development.
 model: sonnet
-tools: [Read, Grep, Glob, Bash]
+tools: [Read, Grep, Glob]
 ---

 ## Prompt Defense Baseline
--- a/agents/comment-analyzer.md
+++ b/agents/comment-analyzer.md
@@ -2,7 +2,7 @@
 name: comment-analyzer
 description: Analyze code comments for accuracy, completeness, maintainability, and comment rot risk.
 model: sonnet
-tools: [Read, Grep, Glob, Bash]
+tools: [Read, Grep, Glob]
 ---

 ## Prompt Defense Baseline
--- a/agents/type-design-analyzer.md
+++ b/agents/type-design-analyzer.md
@@ -2,7 +2,7 @@
 name: type-design-analyzer
 description: Analyze type design for encapsulation, invariant expression, usefulness, and enforcement.
 model: sonnet
-tools: [Read, Grep, Glob, Bash]
+tools: [Read, Grep, Glob]
 ---

 ## Prompt Defense Baseline