feat(core): add .agents/skills directory alias for skill discovery#18151
feat(core): add .agents/skills directory alias for skill discovery#18151NTaylorMullen merged 1 commit intomainfrom
Conversation
Summary of ChangesHello @NTaylorMullen, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the skill discovery mechanism by introducing a new, more flexible directory alias. Users can now store agent-specific skills in Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
NTaylorMullen
changed the title
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for .agent/skills as an alias for .gemini/skills for skill discovery. While the feature correctly implements the aliasing and precedence logic, a critical security flaw exists in the global agent directory discovery: it falls back to a world-writable temporary directory on multi-user systems when the home directory cannot be determined, potentially enabling cross-user skill injection attacks. Given that skill content and definitions are considered trusted by design, it is paramount to ensure the integrity of skill loading locations. It is recommended to remove this insecure fallback or implement robust ownership and permission checks. Furthermore, consider refactoring Storage.ts to reduce code duplication and use constants for directory paths to enhance maintainability.
NTaylorMullen
force-pushed
the
feat/agent-skills-alias
branch
3 times, most recently
from
c6d9eb1 to
7e0030d
Compare
NTaylorMullen
force-pushed
the
feat/agent-skills-alias
branch
from
7e0030d to
28b3413
Compare
|
Size Change: +882 B (0%) Total Size: 23.6 MB ℹ️ View Unchanged
|
gemini-cli
bot
added
the
status/need-issue
2 participants
Summary
This PR adds support for
.agents/skillsas an alias for.gemini/skillsin both user (~/.agents/skills) and workspace (.agents/skills) directories. This provides a more generic and intuitive path for managing agent-specific skills.Details
getGlobalAgentsDir,getUserAgentSkillsDir,getAgentsDir, andgetProjectAgentSkillsDirto theStorageclass inpackages/core/src/config/storage.ts.SkillManager.discoverSkillsinpackages/core/src/skills/skillManager.tsto include these new alias directories in the skill discovery process..agentsdirectories have precedence over.geminidirectories when they exist in the same tier (user or workspace).Related Issues
None.
How to Validate
~/.agents/skills/test-user-skill/SKILL.md..agents/skills/test-workspace-skill/SKILL.md.gemini skills listor use/skills listin the CLI.Alternatively, run the new test suite:
npm test -w @google/gemini-cli-core -- src/skills/skillManagerAlias.test.tsPre-Merge Checklist