external-system-safety

from duongdev/ccpm

6 stars, 1 fork, updated Jan 12, 2026
npx skills add https://github.com/duongdev/ccpm --skill external-system-safety

SKILL.md

External System Safety Guardrails

This skill provides automatic safety enforcement for all operations involving external project management systems.

⚠️ CRITICAL: Linear Exclusion

DO NOT activate this skill for Linear operations. Linear is CCPM's internal tracking system.

NEVER ask for confirmation when:

  • Creating Linear issues
  • Updating Linear issue descriptions, status, labels, or assignments
  • Adding comments to Linear issues
  • Any other Linear MCP operations

This skill ONLY applies to EXTERNAL systems: Jira, Confluence, BitBucket, Slack, etc.


Instructions

⛔ ABSOLUTE RULES - NEVER VIOLATED

Before ANY write operation to EXTERNAL systems (NOT Linear), you MUST follow this confirmation workflow.

1. Detect External System Write Operations

Jira:

  • Creating new issues or epics
  • Updating issue status or fields
  • Posting comments
  • Changing assignees or labels
  • Transitioning workflow states

Confluence:

  • Creating new pages
  • Editing existing pages
  • Adding comments
  • Updating page properties
  • Deleting content

BitBucket:

  • Creating pull requests
  • Posting PR comments
  • Approving or declining PRs
  • Updating PR metadata
  • Merging PRs

Slack:

  • Sending messages to channels
  • Posting notifications
  • Updating channel topics
  • Creating new channels
  • Direct messages

2. STOP and Display Intent

When you detect a potential write operation:

⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: [Jira/Confluence/BitBucket/Slack]
Operation: [Create/Update/Delete/Post]
Target: [Specific item/location]

Details:
---
[Exact content that will be written/posted]
---

This will modify external systems. Proceed? (yes/no)

3. Wait for Explicit Confirmation

Acceptable confirmations:

  • "yes"
  • "confirm"
  • "proceed"
  • "go ahead"
  • "do it"

NOT acceptable (require re-confirmation):

  • Silence
  • "ok" (too ambiguous)
  • "sure" (too casual)
  • Any other response

4. Only Then Execute

After receiving explicit "yes" or equivalent:

  1. Execute the operation
  2. Log what was done
  3. Provide confirmation of success
  4. Show link to updated item if available
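
An added example, not part of the CCPM skill or its repository: a minimal Python gate implementing steps 1 to 4 above, with the Linear exclusion applied first. The names Operation, needs_confirmation, render_intent, is_confirmed and gate, the "local" system label and the read-verb list are assumptions of this example; any verb not known to be a read is treated as a write, so unknown operations fail closed.

```python
from dataclasses import dataclass

# Illustrative names and lists (assumptions of this example, not CCPM code).
# "local" stands for local file, git and code operations.
INTERNAL_SYSTEMS = {"linear", "local"}
READ_VERBS = {"fetch", "search", "view", "read", "query"}
ACCEPTED = {"yes", "confirm", "proceed", "go ahead", "do it"}


@dataclass
class Operation:
    system: str
    verb: str
    target: str
    details: str


def needs_confirmation(op):
    """Step 1: gate every non-read operation on a system that is not internal."""
    if op.system.lower() in INTERNAL_SYSTEMS:
        return False
    return op.verb.lower() not in READ_VERBS


def render_intent(op):
    """Step 2: show exactly what will be written before anything is sent."""
    return (
        "⚠️ EXTERNAL SYSTEM WRITE DETECTED\n\n"
        f"System: {op.system}\nOperation: {op.verb}\nTarget: {op.target}\n\n"
        f"Details:\n---\n{op.details}\n---\n\n"
        "This will modify external systems. Proceed? (yes/no)"
    )


def is_confirmed(reply):
    """Step 3: exact match on the accepted list; silence, 'ok' and 'sure' fail."""
    if reply is None:
        return False
    return reply.strip().strip(".!").lower() in ACCEPTED


def gate(op, ask, execute, log):
    """Step 4: execute only after explicit confirmation, then log what was done."""
    if needs_confirmation(op) and not is_confirmed(ask(render_intent(op))):
        return "blocked"
    execute(op)
    log.append((op.system, op.verb, op.target))
    return "executed"
```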

Examples

Example 1: Jira Status Update

User: "Update Jira ticket ABC-123 to Done"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Jira
Operation: Update Status
Target: ABC-123

Details:
---
Status: In Progress → Done
---

This will modify external systems. Proceed? (yes/no)

User: yes

Claude: ✅ Updated Jira ABC-123 status to Done
Link: https://jira.company.com/browse/ABC-123

Example 2: Confluence Page Creation

User: "Create a Confluence page documenting the new API"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Confluence
Operation: Create Page
Target: Engineering Space

Details:
---
Title: "New Payment API Documentation"
Parent: API Documentation
Content: [First 200 characters of content...]
---

This will modify external systems. Proceed? (yes/no)

User: no, not yet

Claude: Understood. I won't create the Confluence page. Let me know when you're ready.

Example 3: Slack Notification

User: "Let the team know the feature is deployed"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

System: Slack
Operation: Post Message
Target: #engineering channel

Details:
---
Message: "✅ Payment gateway integration deployed to production. All tests passing."
---

This will modify external systems. Proceed? (yes/no)

User: yes

Claude: ✅ Posted message to #engineering

Example 4: Multiple Operations

User: "Update Jira to Done and notify the team on Slack"

Claude: ⚠️ EXTERNAL SYSTEM WRITE DETECTED

I need to perform 2 write operations:

1. Jira - Update Status
   Target: ABC-123
   Change: In Progress → Done

2. Slack - Post Message
   Target: #engineering
   Message: "Task ABC-123 completed"

Proceed with both? (yes/no)

User: only the jira update

Claude: Got it. I'll update Jira ABC-123 but skip the Slack notification.

⚠️ Confirming: Update Jira ABC-123 to Done? (yes/no)

User: yes

Claude: ✅ Updated Jira ABC-123 to Done
❌ Skipped Slack notification as requested

Always Allowed (No Confirmation Needed)

The following operations NEVER require confirmation:

Read operations:

  • Fetching Jira issues
  • Searching Confluence pages
  • Viewing BitBucket PRs
  • Reading Slack message history
  • Querying any external system

Linear operations:

  • All Linear operations (internal tracking)
  • Creating/updating Linear issues
  • Adding comments to Linear
  • Changing Linear status

Local file operations:

  • Reading/writing files in .claude/ directory
  • Editing codebase files
  • Creating local documentation
  • Git operations (commit, branch, etc.)

Code operations:

  • Writing production code
  • Writing tests
  • Running builds
  • Executing tests

Special Cases

Case 1: User Explicitly Says "Without Confirmation"

If the user explicitly requests bypassing confirmation:

User: "Update Jira ABC-123 to Done without asking me"

Still require ONE confir

...

Repository Stats

Stars: 6
Forks: 1
License: MIT License