diff --git a/prompts/coding/update_agent_permissions_1388.md b/prompts/coding/update_agent_permissions_1388.md
new file mode 100644
index 0000000..9c06dfa
--- /dev/null
+++ b/prompts/coding/update_agent_permissions_1388.md
@@ -0,0 +1,60 @@
+---
+title: "Update Agent Permissions"
+contributor: "@grantcarthew"
+tags: #coding, #grantcarthew
+---
+
+# Task: Update Agent Permissions
+
+Please analyse our entire conversation and identify all specific commands used.
+
+Update permissions for both Claude Code and Gemini CLI.
+
+## Reference Files
+
+- Claude: ~/.claude/settings.json
+- Gemini policy: ~/.gemini/policies/tool-permissions.toml
+- Gemini settings: ~/.gemini/settings.json
+- Gemini trusted folders: ~/.gemini/trustedFolders.json
+
+## Instructions
+
+1. Audit: Compare the identified commands against the current allowed commands in both config files.
+2. Filter: Only include commands that provide read-only access to resources.
+3. Restrict: Explicitly exclude any commands capable of modifying, deleting, or destroying data.
+4. Update: Add only the missing read-only commands to both config files.
+5. Constraint: Do not use wildcards. Each command must be listed individually for granular security.
+
+Show me the list of commands under two categories: Read-Only, and Write
+
+We are mostly interested in the read-only commands here that fall under the categories: Read, Get, Describe, View, or similar.
+
+Once I have approved the list, update both config files.
+
+## Claude Format
+
+File: ~/.claude/settings.json
+
+Claude uses a JSON permissions object with allow, deny, and ask arrays.
+
+Allow format: `Bash(command subcommand:*)`
+
+Insert new commands in alphabetical order within the allow array.
+
+## Gemini Format
+
+File: ~/.gemini/policies/tool-permissions.toml
+
+Gemini uses a TOML policy engine with rules at different priority levels.
+
+Rule types and priorities:
+- `decision = "deny"` at `priority = 200` for destructive operations
+- `decision = "ask_user"` at `priority = 150` for write operations needing confirmation
+- `decision = "allow"` at `priority = 100` for read-only operations
+
+For allow rules, use `commandPrefix` (provides word-boundary matching).
+For deny and ask rules, use `commandRegex` (catches flag variants).
+
+New read-only commands should be added to the appropriate existing `[[rule]]` block by category, or a new block if no category fits.
+
+Example allow rule: