Ready Gate does not install dependencies, run package scripts, call providers, log into accounts, or mutate production systems.
Forbidden without explicit approval:
- reading
.env, cookies, browser profiles, tokens, SSH keys, or provider profiles; - running
npx,npm install, setup scripts, unknown binaries, product code, or provider calls; - changing billing, admin settings, production data, publishing, or deployment state.
This skill is not a security scanner and does not provide a security guarantee. It can route security-sensitive gaps into the product fix feed when evidence supports them.