Safe Practices
Most security failures do not start with a sophisticated attack. They start with someone in a hurry.
Keep secrets out of chat. If something is sensitive, reference where it lives — "it's in the credentials file" — instead of repeating the value. Ask for confirmation that a connection works, not an echo of the key that proves it.
Keep work in the right topic. Sloppy context boundaries lead to accidental oversharing, and they make project history harder to trust later. The habit costs almost nothing; the cleanup when it goes wrong costs much more.
Verify before acting. Before sending anything, confirm the target, the audience, and the facts. Before calling work complete, confirm that outputs actually exist and behave as expected. Verification is not distrust — it is how professionals avoid expensive surprises.
Treat external communication as a hard line. Drafting is one category. Sending is another. A draft can be revised; a sent message cannot be unsent. Explicit approval at that boundary is not bureaucracy. It is just how responsible communication works.
When something feels high-stakes or ambiguous, slow down. A short pause and a quick check is not friction — it is the judgment call that prevents long cleanup. The scenarios worth escalating are obvious in the moment. Trust that instinct.
Credentials follow a simple cycle: store securely, reference instead of repeating, confirm without disclosing, rotate on a schedule. If a secret is exposed, rotate it immediately. Do not wait to assess impact first — rotation is fast, exposure risk is not.
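The "confirm without disclosing" and "rotate on a schedule" steps can be checked by a script that reports on a credential without ever returning its value. This is an added example, not part of the original page; the KEY=VALUE file format, the 90-day window, the function names, and the use of the file's modification time as the last-rotation date are all assumptions, and the permission check assumes a POSIX system.

```python
import stat
import time
from pathlib import Path

ROTATION_DAYS = 90  # assumed rotation schedule; the page does not specify one


def credential_status(path, name, max_age_days=ROTATION_DAYS, now=None):
    """Report on one credential in a KEY=VALUE file without returning its value."""
    p = Path(path)
    info = p.stat()
    now = time.time() if now is None else now
    present = False
    for line in p.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == name and value.strip():
            present = True  # record the fact only; the value is never stored
            break
    # Assumption: the file is rewritten on rotation, so mtime approximates it.
    age_days = int((now - info.st_mtime) // 86400)
    return {
        "name": name,
        "present": present,
        # Any group/other permission bit means other local users may read it.
        "owner_only": (stat.S_IMODE(info.st_mode) & 0o077) == 0,
        "age_days": age_days,
        "rotation_due": age_days >= max_age_days,
    }


def summarize(status):
    """Build one line that is safe to paste into a chat or ticket."""
    state = "present" if status["present"] else "MISSING"
    perms = "owner-only" if status["owner_only"] else "readable by others"
    due = "rotation due" if status["rotation_due"] else "within schedule"
    return (f'{status["name"]}: {state}, file {perms}, '
            f'{status["age_days"]}d old, {due}')
```

The summary line is what gets shared; the credentials file itself never leaves the machine it lives on.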
None of this requires paranoia. It requires the same discipline you would apply to any high-trust working relationship: keep private things private, verify before trusting, and require real approval before things leave the building.