fence-awareness

Detects subagent capability escapes by comparing the tool being invoked against the skill's declared allowed-tools list. Use when the developer asks about subagent escape, sees a tool fired from an unexpected skill, or audits delegation.md compliance. Auto-fires on PreToolUse. Best-effort observability only — does not block.

Safety Notice

This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.

Copy this and send it to your AI assistant to learn

Install skill "fence-awareness" with this command: npx skills add enchanter-ai/skillsmp-enchanter-ai-enchanter-ai-fence-awareness

No markdown body

This source entry does not include full markdown content beyond metadata.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHub

Related Skills

Related by shared tags or category signals.

Security

shield-awareness

OPT-IN BLOCKING egress allowlist. Pairs with hydra-egress-monitor (advisory). When state/egress-policy.json sets enabled:true, this shield blocks any WebFetch / WebSearch / Bash-network call whose destination host is not in the operator-curated allowlist. Use when the developer asks why a network call was blocked, wants to inspect or edit the egress allowlist, or asks about audit.ndjson policy_blocked events. Default disabled — out of the box this shield does nothing. Do not use for observability without enforcement (see egress-monitor).

Repository SourceNeeds Review
-1enchanter-ai
Security

reach-awareness

Post-filters vuln-detector findings by call-graph reachability from an entrypoint, so operators triage exploitable vulns first and dead-code or vendored-library hits last. Use when the developer wants to triage a vuln-detector audit.jsonl, runs /hydra:reach, asks "which of these findings are actually reachable?", or references Snyk/CodeQL/Semgrep reachability as a reference baseline. Currently scaffolded; full integration is blocked on lich exporting a persisted call-graph artifact — in graph-absent mode, every finding is preserved with reachable=null. Do not use for raw vuln scanning (see vuln-detector) or for first-pass CWE classification (see audit-trail).

Repository SourceNeeds Review
-1enchanter-ai
Security

lich-review

Runs M1 Cousot Interval Propagation and M2 Falleri Structural Diff on a code scope, flags runtime-failure candidates (div-zero, null deref, OOB, overflow, resource leak), and hands the flagged sites to lich-sandbox for M5 confirmation. Use when: the user runs /lich-review on a hunk / file / PR, or the PostToolUse hook fires on Write/Edit/MultiEdit. Do not use for: security-taint review (Hydra R3 owns that), change classification (Crow V1/V2 owns that), or rubric-style judgment (lich-rubric skill owns that).

Repository SourceNeeds Review
-1enchanter-ai
Security

egress-awareness

Logs every WebFetch / WebSearch / Bash-network destination to an append-only NDJSON and surfaces first-seen domains as advisory warnings. Use when the developer asks "what did this session reach out to?" or "show me egress", wants a per-session list of contacted hosts, asks about an egress-monitor advisory, or wants to inspect state/log.ndjson. Auto-fires on PostToolUse for network tools. Do not use for in-process state inspection (see audit-trail).

Repository SourceNeeds Review
-1enchanter-ai
fence-awareness | V50.AI