{"id":"2156ff9a-487d-4828-aab8-a1bd935f7900","shortId":"BwYeCT","kind":"skill","title":"bridge-origin-safe-slash-override","tagline":"Keep remote slash-command skipping enabled by default, then reopen it only for bridge-safe commands while denying unsafe local commands with a friendly local response.","description":"# SKILL: Bridge Origin Safe Slash Override\n**Domain:** remote-input-safety\n**Trigger:** Apply when remotely delivered input should still default to plain-text slash handling, but a trusted bridge path needs to selectively re-enable only the slash commands that are safe to execute remotely.\n**Source Pattern:** Distilled from reviewed remote-control, bridge transport, and capability-advertising implementations.\n\n## Core Method\nKeep remote slash-command parsing disabled by default for bridge-delivered input. If a remote message starts with `/`, inspect it locally first and resolve whether it maps to a known command. Re-enable slash handling only when the resolved command is explicitly bridge-safe; otherwise, intercept unsafe known commands with a friendly local denial and leave unknown slash text as plain text. This preserves the defensive default while still allowing a narrow, reviewed remote command surface.\n\n## Key Rules\n- Preserve the “treat slash text as plain text” default at enqueue time so every other fast path still sees the defensive baseline.\n- Reopen slash handling only after all three checks pass: the message is bridge-originated, starts with `/`, and resolves to a command that passes bridge-safety filtering.\n- Treat known unsafe commands, especially local-jsx or terminal-only ones, as a local UX case rather than a model prompt: return a friendly denial such as \"config isn't available over Remote Control.\" and stop before querying.\n- Let unknown or malformed slash text fall through as plain text rather than converting it into a new local error surface for remote users.\n- Keep discovery aligned with execution by advertising only bridge-safe commands to remote clients whenever possible; the override should narrow execution, not widen the visible command set.\n\n## Example Application\nA mobile bridge sends `/deploy-docs`. The bridge layer parses it locally, confirms it is on the remote-safe allowlist, and then hands it to normal slash-command execution. The same bridge sends `/config`; the command resolves but is not remote-safe, so the system responds locally with a denial message. If the bridge sends `/shrug` and that text does not resolve to a known command, it stays plain text and is handled like an ordinary message.\n\n## Anti-Patterns (What NOT to do)\n- Do not disable slash skipping for all bridge traffic up front; that reopens the exact remote-command surface the default suppression was meant to close.\n- Do not pass known unsafe slash commands through as ordinary model text; the model should not have to interpret config after local policy already knows it is disallowed remotely.\n- Do not reject unknown bridge slash text with a new \"Unknown skill\" style error; preserving plain-text fallback avoids breaking ordinary remote messages that happen to start with `/`.","tags":["bridge","origin","safe","slash","override","cskill","agents","ychampion","agent-skills","ai-agents","cli","coding-agents"],"capabilities":["skill","source-ychampion","skill-bridge-origin-safe-slash-override","topic-agent-skills","topic-ai-agents","topic-cli","topic-coding-agents","topic-context-engineering","topic-developer-tools","topic-mcp","topic-multi-agent","topic-terminal-ui"],"categories":["cskill-agents"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/ychampion/cskill-agents/bridge-origin-safe-slash-override","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add ychampion/cskill-agents","source_repo":"https://github.com/ychampion/cskill-agents","install_from":"skills.sh"}},"qualityScore":"0.467","qualityRationale":"deterministic score 0.47 from registry signals: · indexed on github topic:agent-skills · 34 github stars · SKILL.md body (2,820 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:56:45.433Z","embedding":null,"createdAt":"2026-04-18T22:19:49.846Z","updatedAt":"2026-04-22T06:56:45.433Z","lastSeenAt":"2026-04-22T06:56:45.433Z","tsv":"'/config':359 '/deploy-docs':329 '/shrug':382 'advertis':95,301 'align':297 'allow':172 'allowlist':344 'alreadi':460 'anti':405 'anti-pattern':404 'appli':47 'applic':324 'avail':263 'avoid':485 'baselin':202 'break':486 'bridg':2,22,36,64,90,110,145,216,228,304,327,331,357,380,418,470 'bridge-deliv':109 'bridge-origin':215 'bridge-origin-safe-slash-overrid':1 'bridge-saf':21,144,303 'bridge-safeti':227 'capability-advertis':93 'capabl':94 'case':248 'check':210 'client':309 'close':436 'command':11,24,29,75,103,131,141,151,177,224,234,306,321,353,361,392,428,443 'config':260,456 'confirm':336 'control':89,266 'convert':284 'core':97 'default':15,54,107,169,189,431 'defens':168,201 'deliv':50,111 'deni':26 'denial':156,257,376 'disabl':105,413 'disallow':464 'discoveri':296 'distil':84 'domain':41 'enabl':13,71,134 'enqueu':191 'error':290,479 'especi':235 'everi':194 'exact':425 'exampl':323 'execut':80,299,316,354 'explicit':143 'fall':277 'fallback':484 'fast':196 'filter':230 'first':122 'friend':32,154,256 'front':421 'hand':347 'handl':60,136,205,399 'happen':491 'implement':96 'input':44,51,112 'inspect':119 'intercept':148 'interpret':455 'isn':261 'jsx':238 'keep':7,99,295 'key':179 'know':461 'known':130,150,232,391,440 'layer':332 'leav':158 'let':271 'like':400 'local':28,33,121,155,237,246,289,335,373,458 'local-jsx':236 'malform':274 'map':127 'meant':434 'messag':116,213,377,403,489 'method':98 'mobil':326 'model':252,447,450 'narrow':174,315 'need':66 'new':288,475 'normal':350 'one':243 'ordinari':402,446,487 'origin':3,37,217 'otherwis':147 'overrid':6,40,313 'pars':104,333 'pass':211,226,439 'path':65,197 'pattern':83,406 'plain':57,163,187,280,395,482 'plain-text':56,481 'polici':459 'possibl':311 'preserv':166,181,480 'prompt':253 'queri':270 'rather':249,282 're':70,133 're-en':69,132 'reject':468 'remot':8,43,49,81,88,100,115,176,265,293,308,342,367,427,465,488 'remote-command':426 'remote-control':87 'remote-input-safeti':42 'remote-saf':341,366 'reopen':17,203,423 'resolv':124,140,221,362,388 'respond':372 'respons':34 'return':254 'review':86,175 'rule':180 'safe':4,23,38,78,146,305,343,368 'safeti':45,229 'see':199 'select':68 'send':328,358,381 'set':322 'skill':35,477 'skill-bridge-origin-safe-slash-override' 'skip':12,415 'slash':5,10,39,59,74,102,135,160,184,204,275,352,414,442,471 'slash-command':9,101,351 'sourc':82 'source-ychampion' 'start':117,218,493 'stay':394 'still':53,171,198 'stop':268 'style':478 'suppress':432 'surfac':178,291,429 'system':371 'termin':241 'terminal-on':240 'text':58,161,164,185,188,276,281,385,396,448,472,483 'three':209 'time':192 'topic-agent-skills' 'topic-ai-agents' 'topic-cli' 'topic-coding-agents' 'topic-context-engineering' 'topic-developer-tools' 'topic-mcp' 'topic-multi-agent' 'topic-terminal-ui' 'traffic':419 'transport':91 'treat':183,231 'trigger':46 'trust':63 'unknown':159,272,469,476 'unsaf':27,149,233,441 'user':294 'ux':247 'visibl':320 'whenev':310 'whether':125 'widen':318","prices":[{"id":"ce86b96d-d07f-413d-a853-0ac9a4c144a4","listingId":"2156ff9a-487d-4828-aab8-a1bd935f7900","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"ychampion","category":"cskill-agents","install_from":"skills.sh"},"createdAt":"2026-04-18T22:19:49.846Z"}],"sources":[{"listingId":"2156ff9a-487d-4828-aab8-a1bd935f7900","source":"github","sourceId":"ychampion/cskill-agents/bridge-origin-safe-slash-override","sourceUrl":"https://github.com/ychampion/cskill-agents/tree/main/skills/bridge-origin-safe-slash-override","isPrimary":false,"firstSeenAt":"2026-04-18T22:19:49.846Z","lastSeenAt":"2026-04-22T06:56:45.433Z"}],"details":{"listingId":"2156ff9a-487d-4828-aab8-a1bd935f7900","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"ychampion","slug":"bridge-origin-safe-slash-override","github":{"repo":"ychampion/cskill-agents","stars":34,"topics":["agent-skills","ai-agents","cli","coding-agents","context-engineering","developer-tools","mcp","multi-agent","terminal-ui"],"license":"mit","html_url":"https://github.com/ychampion/cskill-agents","pushed_at":"2026-04-04T14:13:23Z","description":"Agent skills for coding CLIs, multi-agent runtimes, context engines, MCP extensions, and terminal tooling. Instead of using claude code's source code, give your agent skills to create your own!","skill_md_sha":"f4e8763b59c912a798b2997b80de8a2b56cd30da","skill_md_path":"skills/bridge-origin-safe-slash-override/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/ychampion/cskill-agents/tree/main/skills/bridge-origin-safe-slash-override"},"layout":"multi","source":"github","category":"cskill-agents","frontmatter":{"name":"bridge-origin-safe-slash-override","description":"Keep remote slash-command skipping enabled by default, then reopen it only for bridge-safe commands while denying unsafe local commands with a friendly local response."},"skills_sh_url":"https://skills.sh/ychampion/cskill-agents/bridge-origin-safe-slash-override"},"updatedAt":"2026-04-22T06:56:45.433Z"}}