[P1-a] Add allowed-tools to key skills #733
Description
Parent: #731
Purpose
Explicitly restrict the tools Claude can use when a skill is active, preventing unintended file modifications or command execution.
v2.0 Rule
allowed-tools: Tools Claude can use without asking permission when this skill is active. Restricting tools creates a safe execution environment, such as read-only mode or allowing only specific commands.
Target Files (8 files)
1. packages/rules/.ai-rules/skills/security-audit/SKILL.md
allowed-tools: Read, Grep, Glob, Bash(git:*)Reason: Security audit should be read-only analysis; code modification not allowed
2. packages/rules/.ai-rules/skills/code-explanation/SKILL.md
allowed-tools: Read, Grep, GlobReason: Code explanation only requires reading
3. packages/rules/.ai-rules/skills/pr-review/SKILL.md
allowed-tools: Read, Grep, Glob, Bash(gh:*, git:*)Reason: PR review only requires gh/git CLI read access + code reading
4. packages/rules/.ai-rules/skills/systematic-debugging/SKILL.md
allowed-tools: Read, Grep, Glob, BashReason: Debugging needs diverse bash access for log inspection, test execution, etc.
5. packages/rules/.ai-rules/skills/refactoring/SKILL.md
allowed-tools: Read, Write, Edit, Grep, Glob, BashReason: Refactoring requires file modification + test execution
6. packages/rules/.ai-rules/skills/performance-optimization/SKILL.md
allowed-tools: Read, Grep, Glob, BashReason: Profiling script execution + code reading
7. packages/rules/.ai-rules/skills/error-analysis/SKILL.md
allowed-tools: Read, Grep, Glob, Bash(git:*)Reason: Error analysis is read-only + git history inspection
8. packages/rules/.ai-rules/skills/tech-debt/SKILL.md
allowed-tools: Read, Grep, GlobReason: Tech debt analysis is read-only
How to Apply
Add the allowed-tools field inside the YAML frontmatter (--- block) of each file.
Acceptance Criteria
- All 8 files have
allowed-toolsadded - Each skill has the minimum-privilege tool set matching its purpose
- No YAML frontmatter syntax errors
- No changes to existing fields or skill body