From 739de66d87bd16a29e0b3e3d8d2618897b889543 Mon Sep 17 00:00:00 2001
From: mkorwel
Date: Wed, 11 Mar 2026 11:02:38 -0700
Subject: [PATCH] fix(skills): secure and complete async-pr-review policy.toml
---
 .gemini/skills/async-pr-review/policy.toml | 36 +++++++++++++++++++---
 1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/.gemini/skills/async-pr-review/policy.toml b/.gemini/skills/async-pr-review/policy.toml
index 339e74d4d3..23b3978c4a 100644
--- a/.gemini/skills/async-pr-review/policy.toml
+++ b/.gemini/skills/async-pr-review/policy.toml
@@ -1,3 +1,33 @@
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "grep_search"
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 100
+
+[[rule]]
+toolName = "codebase_investigator"
+decision = "allow"
+priority = 100
+
 [[rule]]
 toolName = "run_shell_command"
 commandPrefix = [
@@ -5,9 +35,9 @@ commandPrefix = [
 "find",
 "head",
 "cat",
+ "echo",
 "cd",
 "grep",
- "npm",
 "npm run start",
 "npm install",
 "npm run",
@@ -20,14 +50,12 @@ commandPrefix = [
 "git branch",
 "git br",
 "git log",
- "git add",
 "git show",
 "gh pr",
 "gh repo view",
 "gh run",
 "gh api",
- "gh log",
- "code"
+ "gh log"
 ]
 decision = "allow"
 priority = 100
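Review bot: The new `write_file` rule is an unconditional `allow` at priority 100, so a skill whose input is pull-request content it does not control can create or overwrite files with no confirmation and no path limit visible in this hunk. The read-only tools added beside it (`read_file`, `grep_search`, `glob`, `list_directory`) are a smaller concern, but `write_file` could also rewrite this policy file or other agent configuration if nothing else restricts paths. Consider `decision = "ask_user"` for `write_file`, or constrain it to the review output location with an argument pattern, and add a comment above the rule such as `# review notes only; PR content is untrusted input`. The trailing `run_shell_command` rule continues past the end of this hunk.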
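Review bot: Dropping the bare `"npm"` prefix still leaves `"npm install"` and `"npm run"` auto-approved, and both execute scripts defined in the checked-out `package.json`, which for this skill presumably belongs to the PR under review. If that is intended, say so in a comment above the list, e.g. `# npm install / npm run execute PR-supplied scripts; use a disposable worktree only`; `"npm run start"` is already covered by `"npm run"` and can be removed. The added `"echo"` is only harmless if the policy engine evaluates redirection and chained commands separately, which this hunk does not show, so that is worth confirming. The `commandPrefix` array starts before this hunk and continues after it.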
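Review bot: `"gh api"` and `"gh pr"` remain auto-approved in the final list, and as prefixes they cover write operations made with the user's GitHub token (any REST method through `gh api`; merge, close and comment through `gh pr`), which is far wider than the removal of `"git add"` and `"code"` suggests. Narrow them to the read paths the review needs, for example `"gh pr view"`, `"gh pr diff"`, `"gh pr checkout"`, and drop `"gh api"` unless a specific endpoint is required. `"gh log"` does not appear to be a built-in `gh` subcommand, so that entry is probably dead and could be removed rather than kept as the last element. The array opens outside this hunk.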