Path-restricted allowedTools patterns (e.g. Write(apps/**)) silently fail in non-interactive mode (-p flag). Only bare tool names work. Known upstream bug.

Bug: Claude Code Write/Edit Path Patterns Ignored in Headless Mode

Rules for what data agents must never include in blog posts or public content. Core principle: if you need to log in to see it, it's private.

Confidential Data Policy

Complete OWASP LLM Top 10 (2025) reference with descriptions, applicability to this project, and which controls currently address each risk.

OWASP Top 10 for LLM Applications (2025)

<p>Security practices for Kyle's AI agent systems and blog. Covers
the OWASP LLM Top 10 as a reference framework and policies for
what agents can and cannot publish.</p>
<h2 id="pages">Pages</h2>
<ul>
<li><a href="/wiki/security/owasp-llm-top-10.html">OWASP LLM Top 10</a> —
Full 2025 reference with applicability notes for this project</li>
<li><a href="/wiki/security/confidential-data-policy.html">Confidential Data Policy</a> —
Rules for what agents must never include in public content</li>
</ul>
<h2 id="related">Related</h2>
<ul>
<li>Security Auditor agent definition: <code>.claude/agents/security-auditor.md</code></li>
<li>Security scanning tools documented in CLAUDE.md (semgrep, trivy, gitleaks)</li>
</ul>


Security practices for AI agent systems: OWASP LLM Top 10 reference, scanning toolkit, confidential data policy, and agent security auditing.

Kyle Pericak

"It works in my environment"

Security

Pages