diff options
Diffstat (limited to 'assets')
| -rw-r--r-- | assets/codex-skills/phone-opus/SKILL.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/assets/codex-skills/phone-opus/SKILL.md b/assets/codex-skills/phone-opus/SKILL.md index 305badb..7db836a 100644 --- a/assets/codex-skills/phone-opus/SKILL.md +++ b/assets/codex-skills/phone-opus/SKILL.md @@ -35,7 +35,8 @@ should be taken as authoritative or final. It is a pure consultant. - Pins Claude to Opus 4.6 with max effort. - Prepends a fixed consult prefix before your prompt so Opus knows it is advising another model in read-only mode and should return a prioritized actionable report. -- Uses `--permission-mode dontAsk`, so only globally preapproved read-only Bash commands can execute. +- Uses `--dangerously-skip-permissions`, but wraps Claude in an external `systemd-run --user` sandbox. +- The sandbox keeps the filesystem globally read-only, gives Claude a separate persistent home under phone-opus state, leaves `/tmp` and `/var/tmp` writable, and forces the consulted `cwd` read-only when that tree would otherwise be writable. - This surface is consultative only. Edit tools are unavailable. - The returned `session_id` is reusable: pass it back into a later `consult` call to continue that Claude conversation. - Background consults return a `job_id`; use `consult_job` to poll one job or `consult_jobs` to rediscover recent ones. |