---
name: safe-command-run
description: Translate a command-line objective into a scoped, verified action with appropriate approval points.
---

1. Read repository instructions and inspect the current directory, operating system and tool versions.
2. Restate the desired outcome and identify files, services, hosts or resources the command could affect.
3. Prefer read-only discovery before mutation and use dry-run, check or diff modes where available.
4. Do not print secrets, broaden permissions, or change unrelated state.
5. Stop for approval before destructive, remote, privileged, shared or production actions.
6. Run the command, check its exit status and verify the intended state through an independent observation.
7. Report commands, evidence and cleanup or rollback steps.
