Agent-Skills.md

Agent Skills: External System Safety Guardrails

Enforces confirmation workflow for EXTERNAL system writes (Jira, Confluence, BitBucket, Slack) ONLY. NEVER activates for Linear operations (Linear is internal tracking). Auto-activates when detecting potential writes to external PM systems (status updates, page creation, PR posts, notifications). Blocks execution and displays exact content that will be written. Requires explicit "yes" confirmation (rejects "ok", "sure", ambiguous responses). All Linear operations execute automatically without confirmation. Works alongside ccpm-code-review to ensure quality before external broadcasts. Provides audit trail of all confirmed operations. Allows batch operations with granular per-item confirmation when needed.

UncategorizedID: duongdev/ccpm/external-system-safety

Repository

duongdev/ccpm
duongdevLicense: MIT
51

Skill Files

Browse the full folder contents for external-system-safety.

Download Skill

Loading file tree…

skills/external-system-safety/SKILL.md

Skill Metadata

Name
external-system-safety
Description
Enforces confirmation workflow for EXTERNAL system writes (Jira, Confluence, BitBucket, Slack) ONLY. NEVER activates for Linear operations (Linear is internal tracking). Auto-activates when detecting potential writes to external PM systems (status updates, page creation, PR posts, notifications). Blocks execution and displays exact content that will be written. Requires explicit "yes" confirmation (rejects "ok", "sure", ambiguous responses). All Linear operations execute automatically without confirmation. Works alongside ccpm-code-review to ensure quality before external broadcasts. Provides audit trail of all confirmed operations. Allows batch operations with granular per-item confirmation when needed.

External System Safety Guardrails

This skill provides automatic safety enforcement for all operations involving external project management systems.

⚠️ CRITICAL: Linear Exclusion

DO NOT activate this skill for Linear operations. Linear is CCPM's internal tracking system.

NEVER ask for confirmation when:

  • Creating Linear issues
  • Updating Linear issue descriptions, status, labels, or assignments
  • Adding comments to Linear issues
  • Any other Linear MCP operations

This skill ONLY applies to EXTERNAL systems: Jira, Confluence, BitBucket, Slack, etc.

Instructions

⛔ ABSOLUTE RULES - NEVER VIOLATED

Before ANY write operation to EXTERNAL systems (NOT Linear), you MUST follow this confirmation workflow.

1. Detect External System Write Operations

Jira:

  • Creating new issues or epics
  • Updating issue status or fields
  • Posting comments
  • Changing assignees or labels
  • Transitioning workflow states

Confluence:

  • Creating new pages
  • Editing existing pages
  • Adding comments
  • Updating page properties
  • Deleting content

BitBucket:

  • Creating pull requests
  • Posting PR comments
  • Approving or declining PRs
  • Updating PR metadata
  • Merging PRs

Slack:

  • Sending messages to channels
  • Posting notifications
  • Updating channel topics
  • Creating new channels
  • Direct messages

2. STOP and Display Intent

When you detect a potential write operation:

⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: [Jira/Confluence/BitBucket/Slack]
Operation: [Create/Update/Delete/Post]
Target: [Specific item/location]

Details:
---
[Exact content that will be written/posted]
---

This will modify external systems. Proceed? (yes/no)

3. Wait for Explicit Confirmation

Acceptable confirmations:

  • "yes"
  • "confirm"
  • "proceed"
  • "go ahead"
  • "do it"

NOT acceptable (require re-confirmation):

  • Silence
  • "ok" (too ambiguous)
  • "sure" (too casual)
  • Any other response

4. Only Then Execute

After receiving explicit "yes" or equivalent:

  1. Execute the operation
  2. Log what was done
  3. Provide confirmation of success
  4. Show link to updated item if available

Examples

Example 1: Jira Status Update

User: "Update Jira ticket ABC-123 to Done"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Jira
Operation: Update Status
Target: ABC-123

Details:
---
Status: In Progress → Done
---

This will modify external systems. Proceed? (yes/no)

User: yes

Claude: ✅ Updated Jira ABC-123 status to Done
Link: https://jira.company.com/browse/ABC-123

Example 2: Confluence Page Creation

User: "Create a Confluence page documenting the new API"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Confluence
Operation: Create Page
Target: Engineering Space

Details:
---
Title: "New Payment API Documentation"
Parent: API Documentation
Content: [First 200 characters of content...]
---

This will modify external systems. Proceed? (yes/no)

User: no, not yet

Claude: Understood. I won't create the Confluence page. Let me know when you're ready.

Example 3: Slack Notification

User: "Let the team know the feature is deployed"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Slack
Operation: Post Message
Target: #engineering channel

Details:
---
Message: "✅ Payment gateway integration deployed to production. All tests passing."
---

This will modify external systems. Proceed? (yes/no)

User: yes

Claude: ✅ Posted message to #engineering

Example 4: Multiple Operations

User: "Update Jira to Done and notify the team on Slack"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

I need to perform 2 write operations:

1. Jira - Update Status
   Target: ABC-123
   Change: In Progress → Done

2. Slack - Post Message
   Target: #engineering
   Message: "Task ABC-123 completed"

Proceed with both? (yes/no)

User: only the jira update

Claude: Got it. I'll update Jira ABC-123 but skip the Slack notification.

⚠️ Confirming: Update Jira ABC-123 to Done? (yes/no)

User: yes

Claude: ✅ Updated Jira ABC-123 to Done
❌ Skipped Slack notification as requested

Always Allowed (No Confirmation Needed)

The following operations NEVER require confirmation:

Read operations:

  • Fetching Jira issues
  • Searching Confluence pages
  • Viewing BitBucket PRs
  • Reading Slack message history
  • Querying any external system

Linear operations:

  • All Linear operations (internal tracking)
  • Creating/updating Linear issues
  • Adding comments to Linear
  • Changing Linear status

Local file operations:

  • Reading/writing files in .claude/ directory
  • Editing codebase files
  • Creating local documentation
  • Git operations (commit, branch, etc.)

Code operations:

  • Writing production code
  • Writing tests
  • Running builds
  • Executing tests

Special Cases

Case 1: User Explicitly Says "Without Confirmation"

If user explicitly requests bypassing confirmation:

User: "Update Jira ABC-123 to Done without asking me"

Still require ONE confirmation for safety:

Claude: I understand you want to skip confirmations, but for safety I need ONE confirmation:

Update Jira ABC-123 to Done? (yes/no)

[After yes, you can skip future confirmations in this session if user requests]

Case 2: Batch Operations

For multiple similar operations:

User: "Update all 5 tickets to Done"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

Batch operation: Update 5 Jira tickets to Done
- ABC-123
- ABC-124
- ABC-125
- ABC-126
- ABC-127

Proceed with all? (yes/no/show details)

User: yes

Claude: ✅ Updated all 5 tickets to Done

Case 3: User Seems Confused

If user response is unclear:

User: "maybe"
User: "I guess"
User: "if you think so"

Claude: I need explicit confirmation. Please respond with "yes" to proceed or "no" to cancel.

Integration with CCPM Commands

This skill works alongside CCPM commands that write to external systems:

Commands that trigger this skill:

  • /ccpm:done (creates BitBucket PR, sends Slack notification)
  • /ccpm:sync (updates Jira status)
  • Any command with external system integration

How it works:

  1. User invokes command
  2. Command prepares to write to external system
  3. This skill auto-activates
  4. Confirmation workflow runs
  5. Only after "yes" does command proceed

Error Handling

If external system write fails after confirmation:

Claude: ⚠️ Write operation failed

System: Jira
Error: "Insufficient permissions to update ABC-123"

Possible solutions:
1. Check your Jira permissions
2. Ensure you're on the correct project
3. Verify the ticket exists

Would you like me to retry? (yes/no)

Audit Trail

After any confirmed external write:

Claude: ✅ Operation completed

Audit trail:
- Timestamp: 2025-11-19 14:32:15 UTC
- System: Jira
- Operation: Update Status
- Target: ABC-123
- User confirmed: Yes
- Result: Success

Logged to: .claude/audit-log.json

Why This Skill Exists

Problem: Easy to accidentally write to external systems when:

  • Using agents that bypass command safety checks
  • Misunderstanding what a command does
  • Quickly testing a workflow
  • Copy-pasting commands without reading

Solution: This skill provides an automatic safety layer:

  • ✅ Works even when using agents directly
  • ✅ Catches writes regardless of how they're initiated
  • ✅ Provides clear "what will happen" preview
  • ✅ Gives user final control before execution

Complements existing safety:

  • Commands have built-in safety rules (SAFETY_RULES.md)
  • This skill adds automatic detection layer
  • Works together for defense-in-depth

Reference

For complete safety rules, see: ~/.claude/plugins/ccpm/commands/SAFETY_RULES.md