allowed-tools: Kill the Permission Spam

The Problem and the Fix

• **The problem** — By default, Copilot CLI asks permission before every tool call. A skill that reads 5 files, runs a build, and edits 3 files triggers 13 permission prompts. It completely breaks the flow.
• **The fix** — Add allowed-tools to your skill's YAML frontmatter. Listed tools run automatically with no prompts. Unlisted tools still ask for permission — so you get automation where you want it and safety where you need it.
• **Cross-tool compatibility** — Claude Code has its own permission system (acceptEdits mode), but allowed-tools works in both Claude Code and Copilot CLI. Adding it doesn't break anything.

Permission Levels by Skill Type

1. 1 **Choose the right permission level for each skill**
   • › Research only → allowed-tools: [read, grep, glob]
   • › Code modification → allowed-tools: [read, edit, write, grep, glob]
   • › Full automation → allowed-tools: [read, edit, write, bash, grep, glob]
   • › With MCP → add mcp to any of the above
2. 2 **Be intentional** — read, grep, glob are safe for research skills. Add edit and write for skills that modify code. Add bash for skills that run commands. Add mcp for skills that use MCP servers.
3. 3 **Try it now** — Add allowed-tools to an existing skill and re-run it. The difference is immediate — no more clicking 'Yes' for every operation.