From 248673271455e9dc85b8add2a6ab76107b718639 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Wed, 13 May 2026 01:00:26 -0400 Subject: [PATCH] harden: remove shell access from read-only analyzers (#1850) --- agents/code-explorer.md | 2 +- agents/comment-analyzer.md | 2 +- agents/type-design-analyzer.md | 2 +- docs/zh-CN/agents/code-explorer.md | 2 +- docs/zh-CN/agents/comment-analyzer.md | 2 +- docs/zh-CN/agents/type-design-analyzer.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/agents/code-explorer.md b/agents/code-explorer.md index 762ef2e2..a3916799 100644 --- a/agents/code-explorer.md +++ b/agents/code-explorer.md @@ -2,7 +2,7 @@ name: code-explorer description: Deeply analyzes existing codebase features by tracing execution paths, mapping architecture layers, and documenting dependencies to inform new development. model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- ## Prompt Defense Baseline diff --git a/agents/comment-analyzer.md b/agents/comment-analyzer.md index 6dd520d3..619a2492 100644 --- a/agents/comment-analyzer.md +++ b/agents/comment-analyzer.md @@ -2,7 +2,7 @@ name: comment-analyzer description: Analyze code comments for accuracy, completeness, maintainability, and comment rot risk. model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- ## Prompt Defense Baseline diff --git a/agents/type-design-analyzer.md b/agents/type-design-analyzer.md index f7e31274..414a82a0 100644 --- a/agents/type-design-analyzer.md +++ b/agents/type-design-analyzer.md @@ -2,7 +2,7 @@ name: type-design-analyzer description: Analyze type design for encapsulation, invariant expression, usefulness, and enforcement. model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- ## Prompt Defense Baseline diff --git a/docs/zh-CN/agents/code-explorer.md b/docs/zh-CN/agents/code-explorer.md index 6db078e7..4beabbdb 100644 --- a/docs/zh-CN/agents/code-explorer.md +++ b/docs/zh-CN/agents/code-explorer.md @@ -2,7 +2,7 @@ name: code-explorer description: 通过追踪执行路径、映射架构层和记录依赖关系,深入分析现有代码库功能,为新的开发提供信息。 model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- # 代码探索代理 diff --git a/docs/zh-CN/agents/comment-analyzer.md b/docs/zh-CN/agents/comment-analyzer.md index f86519b6..ba1dff18 100644 --- a/docs/zh-CN/agents/comment-analyzer.md +++ b/docs/zh-CN/agents/comment-analyzer.md @@ -2,7 +2,7 @@ name: comment-analyzer description: 分析代码注释的准确性、完整性、可维护性和注释腐烂风险。 model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- # 注释分析代理 diff --git a/docs/zh-CN/agents/type-design-analyzer.md b/docs/zh-CN/agents/type-design-analyzer.md index 05c27ed8..78658c92 100644 --- a/docs/zh-CN/agents/type-design-analyzer.md +++ b/docs/zh-CN/agents/type-design-analyzer.md @@ -2,7 +2,7 @@ name: type-design-analyzer description: 分析封装、不变式表达、实用性和强制性的类型设计。 model: sonnet -tools: [Read, Grep, Glob, Bash] +tools: [Read, Grep, Glob] --- # 类型设计分析代理