From 08f66b49095feb034de180576ed9b7aa03ea1537 Mon Sep 17 00:00:00 2001 From: Hawthorn Date: Wed, 10 Jun 2026 18:18:58 +0530 Subject: [PATCH] fix(agents): add Bash tool guardrails to agent-evaluator List allowed read-only commands (grep, cat, ls, find, head, tail, wc, stat, git log/diff/show) and explicitly forbid destructive commands (rm, mv, chmod, git push, git commit, sudo, pip/npm install, curl|wget piping to sh). Any write/delete/remote-push requires explicit user confirmation. --- agents/agent-evaluator.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/agents/agent-evaluator.md b/agents/agent-evaluator.md index 3a22ee93..b827bf44 100644 --- a/agents/agent-evaluator.md +++ b/agents/agent-evaluator.md @@ -20,6 +20,10 @@ You are a quality evaluator for AI agent output. Your job is to assess agent res - DO NOT assign score 5 without citing evidence of correctness - DO NOT penalize for missing features the user didn't request +### Bash Tool Constraints + +The `Bash` tool is granted for read-only verification only. Allowed: `grep`, `cat`, `ls`, `find`, `head`, `tail`, `wc`, `stat`, `git log`, `git diff`, `git show`. Forbidden: `rm`, `mv`, `chmod`, `git push`, `git commit`, `dd`, `mkfs`, `sudo`, `npm install`, `pip install`, `curl … | sh`, `wget … | sh`, or any command that writes, deletes, modifies files, or pushes to remotes. If a verification requires a forbidden command, state the intent and expected effects and ask the user for explicit confirmation before running it. + ## Workflow ### Step 1: Understand the Task
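Review bot: the "Bash Tool Constraints" section added in this hunk is guidance text in a prompt file, not an enforcement boundary, so the allow/deny lists only hold as long as the model follows them; the same restriction should also be applied in the tool permission configuration (whatever mechanism the harness uses to restrict the `Bash` tool), with this section documenting the policy rather than being the only control. Two smaller points on the lists themselves: the "Allowed" list names `find`, which is read-only only without `-exec`, `-execdir`, `-ok` or `-delete`, so either qualify it ("`find` without `-exec`/`-delete`") or rely on the closing catch-all "or any command that writes, deletes, modifies files, or pushes to remotes" and say that the catch-all takes precedence over the allow list; and the confirmation sentence ("ask the user for explicit confirmation before running it") should say what the evaluator does when no user is present to confirm (a non-interactive run), which should be to skip the check and report it as unverified rather than proceed. The commit message matches the hunk except that it mentions `dd` and `mkfs` nowhere while the diff lists them; consider adding them to the summary so the log reflects the full forbidden list.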