Expand description
Risk-classified shell tools.
Two flavours:
ShellRead— restricted to a readable allowlist (cargo check,git status, …)ShellExec— full subprocess.Destructiverisk; surface explicitly.
Both run via world.runner so they’re trivially mockable in tests.