Agent-Skills.md

Agent Skills: Privacy Guard Protocol

Auto-apply whenever reading, outputting, or sharing file contents that may contain sensitive data, including secrets, API keys, passwords, tokens, credentials, .env files, private keys, certificates, or PII. Enforces strict file-type allowlist and redacts sensitive data.

UncategorizedID: plutowang/term.conf/privacy-guard

Repository

plutowang/term.conf
plutowang
2

Install this agent skill to your local

pnpm dlx add-skill https://github.com/plutowang/term.conf/tree/HEAD/opencode/skills/global/privacy-guard

Skill Files

Browse the full folder contents for privacy-guard.

Download Skill

Loading file tree…

opencode/skills/global/privacy-guard/SKILL.md

Skill Metadata

Name
privacy-guard
Description
Auto-apply whenever reading, outputting, or sharing file contents that may contain sensitive data, including secrets, API keys, passwords, tokens, credentials, .env files, private keys, certificates, or PII. Enforces strict file-type allowlist and redacts sensitive data.

Privacy Guard Protocol

File Scope (Strict Allowlist)

ONLY process:

  • Code: .go, .rs, .zig, .ts, .js, .py, .c, .cpp, .h, .css, .html
  • Build: go.mod, go.sum, build.zig*, Cargo.*, package.json, *lock*, requirements.txt, Pipfile, Makefile
  • Config: Dockerfile, *.yaml/yml, .env.example, .gitignore, .editorconfig, .toml, .json (infrastructure, build, tooling, or agent config β€” e.g., package.json, tsconfig.json, opencode.json), **/skills/**/*.md (skill files)

REJECT immediately:

  • Documents: .pdf, .docx, .doc, .rtf, .pages
  • Data: .xls*, .csv, .numbers, user-record JSON/YAML/XML
  • Secrets: .pem, .key, id_rsa, secrets.*

Privacy Scan (Execute Before Processing)

Detect and redact to <REDACTED>:

  • API keys (AWS, Stripe, etc.)
  • Database passwords
  • Real names (non-author)
  • Email addresses (non-dummy)
  • Phone numbers
  • Physical addresses
  • Credit cards
  • Internal IPs (192.168.x.x, 10.x.x.x) β†’ <INTERNAL_IP>

Execution

  1. Validate file type against allowlist
  2. Scan for PII/secrets
  3. Redact matches + report types found
  4. Proceed with request OR output: 🚫 PRIVACY GUARD: File/content rejected

Never output real PII or use it in examples.