feat: filter agent-restricted skills from prompts and tool description#2827
Open
z-traveler wants to merge 1 commit intocode-yeongyu:devfrom
Open
feat: filter agent-restricted skills from prompts and tool description#2827z-traveler wants to merge 1 commit intocode-yeongyu:devfrom
z-traveler wants to merge 1 commit intocode-yeongyu:devfrom
Conversation
Skills with an `agent` frontmatter field are intended for a specific agent. Previously they still appeared in: - every agent's system prompt (via `buildAvailableSkills`) - the `skill` tool's `<available_items>` description visible to all agents This wasted tokens and could mislead agents into attempting calls that would be rejected at execution time. Changes: - `buildAvailableSkills`: new optional `agentName` parameter; when provided, skills whose `definition.agent` does not match are excluded - `builtin-agents.ts`: pass per-agent name to `buildAvailableSkills` for sisyphus, hephaestus, and atlas, so each agent's prompt only lists the skills it is allowed to use - `createSkillTool` (`tools.ts`): exclude agent-restricted skills from both the eager and lazy description builds, keeping the shared tool description free of skills the current agent cannot access Execution-time enforcement (throwing on mismatch) is unchanged; this change adds the earlier, description-level visibility gate. Tests: new `available-skills.test.ts` (5 cases) + 3 new cases in `tools.test.ts` covering the description-filter and execute paths. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
No issues found across 5 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Auto-approved: The PR correctly implements agent-based skill filtering with backward compatibility and includes comprehensive tests. No regression risk identified.
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Add one-off context when rerunning by tagging
@cubic-dev-aiwith guidance or docs links (includingllms.txt) - Ask questions if you need clarification on any suggestion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Skills with an
agentfrontmatter field are intended to be restricted to a specific agent. However, they currently appear in:buildAvailableSkillsreturned all skills regardless of thedefinition.agentfield, so a skill markedagent: oraclewould still show up in Sisyphus's and Hephaestus's skill delegation sections, wasting tokens and potentially misleading the LLM.skilltool's<available_items>description — shared across all agents, again leaking restricted skills to unintended agents.The execution-time check (throwing an error when the wrong agent calls a restricted skill) already existed, but that only catches the problem after the LLM has already decided to make the call.
Solution
Add a description-level visibility gate so restricted skills are never shown to agents that cannot use them.
Changes
buildAvailableSkills(available-skills.ts): new optionalagentNameparameter. When provided, skills whosedefinition.agentdoes not match the current agent are filtered out. Fully backward-compatible — omittingagentNamepreserves existing behaviour.createBuiltinAgents(builtin-agents.ts): callbuildAvailableSkillswith the agent name forsisyphus,hephaestus, andatlasindividually, so each agent's prompt only lists its own skills.createSkillTool(tools.ts): filter agent-restricted skills out of both the eager and lazy description builds. The full skill list is still used at execute time, so the existing execution-time check remains intact.Tests (TDD)
New file
src/agents/builtin-agents/available-skills.test.ts— 5 cases:agentName→ restricted skills still includedagentfield) → always includedtools.test.ts— 3 new cases in a newdescribeblock:<available_items>descriptionBehavior summary
agent: oracleskill in Sisyphus's promptagent: oracleskill in Oracle's promptskilltool<available_items>for any agentskill(name="oracle-only")at runtimeskill(name="oracle-only")at runtimeagentfieldSummary by cubic
Hide agent-restricted skills from non-owner agents in prompts and the shared
skilltool description. This reduces prompt tokens and prevents misleading calls; runtime enforcement is unchanged.agentNametobuildAvailableSkills; filters skills bydefinition.agentwhen provided (backward compatible when omitted).createBuiltinAgentsto pass agent names for Sisyphus, Hephaestus, and Atlas so each prompt lists only its own skills.createSkillToolto exclude agent-restricted skills from both eager and lazy description builds (e.g.,<available_items>); execution still uses the full list.Written for commit bebbb5b. Summary will update on new commits.