fix: restrict Bash tool access in create-marketplace command

[sjnims]

Summary

Restrict Bash tool access from unrestricted Bash to Bash(mkdir:*) in the create-marketplace command, following the least-privilege security principle.

Problem

Fixes #106

The create-marketplace command had unrestricted Bash in its allowed-tools, violating:

• The command-development skill best practice (SKILL.md:469): "Limit scope: Use Bash(git:*) not Bash(*)"
• Consistency with the sister command create-plugin.md which properly restricts Bash access

Solution

Changed Bash to Bash(mkdir:*) since the command only needs mkdir -p for directory creation (lines 131-136 in the command body).

Alternatives Considered

1. Keep unrestricted - Rejected; violates least-privilege principle
2. Add more patterns like Bash(mkdir:*), Bash(git init:*) - Rejected; create-marketplace doesn't need git init (unlike create-plugin)

Changes

• plugins/plugin-dev/commands/create-marketplace.md: Change Bash → Bash(mkdir:*)

Testing

• Markdownlint passes
• Change follows established pattern from create-plugin.md

Security Note

This is a defense-in-depth improvement. While Claude exercises judgment regardless, restricting permissions:

• Documents the intended scope
• Provides an additional safety layer
• Maintains consistency across commands

---

🤖 Generated with Claude Code

[claude]

Claude finished @sjnims's task in 58s —— View job

---

PR Review Complete

Reviewing PR #108: fix: restrict Bash tool access in create-marketplace command

---

Summary

✅ Looks good - This is a solid security improvement that correctly applies the least-privilege principle.

---

What's Good

1. Follows Best Practices: The change correctly applies the command-development skill guideline (SKILL.md:469): "Limit scope: Use Bash(git:*) not Bash(*)"

2. Appropriate Restriction: The command only uses mkdir -p for directory creation (lines 131-136), so Bash(mkdir:*) is the correct minimal permission set.

3. Consistency: Now matches the pattern from create-plugin.md, which uses Bash(mkdir:*), Bash(git init:*). The create-marketplace command correctly omits Bash(git init:*) since it doesn't need git initialization.

4. Clear Documentation: The PR description thoroughly explains the rationale, alternatives considered, and security benefits.

5. Markdown Quality: Markdownlint passes with no issues.

---

Checklist Verification

• ✅ Change follows established pattern from create-plugin.md
• ✅ Restriction matches actual command usage (only mkdir needed)
• ✅ Markdownlint passes
• ✅ Command frontmatter remains valid (description, argument-hint, allowed-tools all present)
• ✅ No documentation updates needed (this is an internal security improvement)
• ✅ Defense-in-depth improvement properly explained

---

Code Quality

The change is minimal and surgical:

-allowed-tools: Read, Write, Edit, Grep, Glob, Bash, TodoWrite, AskUserQuestion, Skill, Task
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash(mkdir:*), TodoWrite, AskUserQuestion, Skill, Task

File: plugins/plugin-dev/commands/create-marketplace.md:4

This correctly restricts the previously unrestricted Bash to only allow mkdir commands with any arguments, which is exactly what the command needs for creating directory structures.

---

Recommendation: Approve and merge. This PR makes a focused security improvement with no functional changes.

---