---
name: safe-bash
description: Safe shell-command workflow. Use whenever a task may execute shell commands, especially to prefer read-only commands and avoid destructive actions without confirmation.
---

# safe-bash

Use this skill whenever a task may execute shell commands.

## Rules

- Prefer read-only commands first: `pwd`, `ls`, `find`, `rg`, `git status`, package-manager dry runs.
- Before mutating commands, explain the target path and expected effect.
- Never run destructive cleanup (`rm -rf`, `git clean`, force delete, prune, reset hard) without explicit confirmation.
- Avoid shell-specific assumptions when a cross-platform Node/Pi API exists.
- On Windows, prefer argv-based process execution and avoid `cmd /c start` or `/bin/bash` unless explicitly required.
- Capture verification output and summarize exit status.

## Reporting

Mention commands run and whether they were read-only or mutating.