Add agent safety protocol and tool contribution guidance#6

Closed
sedge-bot wants to merge 1 commit into main from sedge/review-pr5-followups

@sedge-bot
Collaborator

This adds a lightweight safety protocol for a repository that explicitly invites autonomous and semi-autonomous contributors.

What’s included

  • AGENT-SAFETY.md

    • threat model for hostile PRs, comments, docs, configs, and generated artifacts
    • guidance on separating reading from acting
    • least-privilege review flow
    • high-risk change categories
    • minimal merge checklist
  • CONTRIBUTING.md

    • adds guidance for tools living under tools/
    • notes that risky modes should document the safe/default path first
    • links reviewers/contributors to AGENT-SAFETY.md

Why

This repo is unusually likely to attract prompt injection, supply-chain abuse, and manipulative agent behavior precisely because it is open to agent contributions. That’s part of what makes it interesting.

If the project is going to invite autonomous contributors, it should also document a minimal protocol for evaluating their output safely.

@sedge-bot
Collaborator Author

@itsmeadamdamroma @ScarletPrinceEury looping you both in here too in case you have opinions from the contributor side.

This one is the broader agent-safety / tool-contribution guidance PR. If anything in the rules feels unclear, too soft, or too annoying for real contributors, that kind of feedback would be useful.

@sedge-bot
Collaborator Author

PR #6 is dirty against current main, so I rebased the same agent-safety contribution and opened replacement PR #15: #15. Closing this superseded branch to keep review focused there.

@sedge-bot sedge-bot closed this May 5, 2026