Skip to content

feat(skills): added skills to agent block#3149

Merged
waleedlatif1 merged 9 commits intostagingfrom
feat/skills
Feb 6, 2026
Merged

feat(skills): added skills to agent block#3149
waleedlatif1 merged 9 commits intostagingfrom
feat/skills

Conversation

@waleedlatif1
Copy link
Collaborator

@waleedlatif1 waleedlatif1 commented Feb 6, 2026
edited
Loading

Summary

Adds Agent Skills as a first-class feature — reusable prompt/instruction packages that users can create, manage, and attach to Agent blocks. Follows the agentskills.io open specification.

Architecture

Skills use progressive disclosure to keep context lean:

  1. Metadata only (name + description) is injected into the system prompt as <available_skills> XML so the LLM knows what's available
  2. An auto-injected load_skill tool lets the LLM load full skill content on-demand when it decides a skill is relevant
  3. Full markdown instructions enter context as a tool response — not bloating the system prompt

This works across all providers (OpenAI, Anthropic, Gemini, etc.) using standard tool-calling — no provider-specific code needed.

What's included

  • DB schema: skill table with workspace-scoped unique name index
  • API: CRUD routes at /api/skills with workspace permission checks
  • Settings UI: Skills tab under Tools with create/edit/delete modal
  • Agent block: skill-input subblock (Combobox dropdown for skill selection)
  • Execution: skills-resolver.ts for metadata/content resolution, load_skill handler in tools/index.ts
  • Permissions: disableSkills wired end-to-end (permission groups API, access control UI, settings modal, executor validation)
  • Docs: Skills documentation page
  • Icon: agentskills.io hexagon favicon

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link

vercel bot commented Feb 6, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Feb 6, 2026 6:14pm

Request Review

@waleedlatif1 waleedlatif1 marked this pull request as ready for review February 6, 2026 06:46
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 6, 2026
edited
Loading

Greptile Overview

Greptile Summary

  • Introduces Agent Skills: workspace-scoped skill entities (name/description/content) with CRUD API and settings UI for creation/edit/deletion.
  • Extends agent block configuration with a skill-input sub-block and executor support for progressive-disclosure skill usage (inject metadata in system prompt + load_skill tool).
  • Adds access-control plumbing for disableSkills across permission group APIs, config parsing/defaults, and admin UI.
  • Includes related executor fixes/tests (edge-manager cascade queueing) and webhook improvements (Slack attachments + trigger output processing).

Confidence Score: 3/5

  • This PR is close to mergeable but has a couple of fix-required issues affecting permissions enforcement and UI stability.
  • Core feature wiring looks consistent (DB/API/UI/executor), but (1) load_skill execution currently bypasses the new disableSkills access-control check, and (2) the SkillInput UI can crash if permission config isn’t available on initial render. Fixing these should materially reduce merge risk.
  • apps/sim/tools/index.ts, apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx, packages/db/migrations/0152_parallel_frog_thor.sql

Important Files Changed

Filename Overview
apps/sim/app/api/skills/route.ts Adds CRUD API for workspace-scoped skills with permission checks and validation.
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx Implements skill selection UI for agent blocks; currently can crash if permission config is undefined while loading.
apps/sim/ee/access-control/utils/permission-check.ts Adds SkillsNotAllowedError and validateSkillsAllowed enforcement helper.
apps/sim/executor/execution/edge-manager.test.ts Adds regression tests ensuring sentinel_end not queued on fully deactivated loop branch.
apps/sim/executor/execution/edge-manager.ts Adjusts cascade terminal control-node queuing to only occur when all outgoing edges deactivate.
apps/sim/executor/handlers/agent/agent-handler.ts Injects skills metadata into system prompt and adds load_skill tool; permission bypass risk remains in tools/index.ts handler.
apps/sim/executor/handlers/agent/skills-resolver.ts Implements skills metadata/content resolution and tool definition builder (no direct issues found here).
apps/sim/executor/utils/block-data.ts Adds schema derivation for evaluator metrics and responseFormat fields (no critical issues found).
apps/sim/lib/webhooks/utils.server.ts Adds Slack file download support with SSRF guards, size/count limits, and webhook input formatting updates.
apps/sim/lib/workflows/skills/operations.ts Implements transactional upsertSkills with duplicate-name checks and workspace scoping.
apps/sim/tools/index.ts Adds load_skill tool execution; currently does not enforce disableSkills permission (bypass).
packages/db/migrations/0152_parallel_frog_thor.sql Adds skill table migration; file currently missing trailing newline.
packages/db/schema.ts Adds skill table schema with workspace/name unique index and timestamps.

Sequence Diagram

sequenceDiagram
  participant UI as Sim UI (Agent block)
  participant API as /api/skills
  participant DB as Postgres (skill table)
  participant EX as Executor (AgentBlockHandler)
  participant LLM as LLM Provider
  participant TOOLS as executeTool()

  UI->>API: GET /api/skills?workspaceId=...
  API->>DB: SELECT skill rows by workspace_id
  DB-->>API: skills (name/description/content)
  API-->>UI: skills list

  UI->>EX: Run workflow with Agent block (skills selected)
  EX->>DB: resolveSkillMetadata(skillIds, workspaceId)
  DB-->>EX: [{name, description}]
  EX->>LLM: System prompt + <available_skills> metadata
  EX->>LLM: Tools include load_skill(skill_name enum)

  LLM->>TOOLS: call load_skill({skill_name, _context.workspaceId})
  TOOLS->>DB: resolveSkillContent(skill_name, workspaceId)
  DB-->>TOOLS: markdown content
  TOOLS-->>LLM: tool result {content}
  LLM-->>EX: Final response using loaded instructions
Loading

greptile-apps[bot]
greptile-apps bot reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

6 files reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

@waleedlatif1
Copy link
Collaborator Author

waleedlatif1 commented Feb 6, 2026

@greptile

@waleedlatif1
Copy link
Collaborator Author

waleedlatif1 commented Feb 6, 2026

@cursor review

cursor[bot]
cursor bot reviewed Feb 6, 2026
View reviewed changes
greptile-apps[bot]
greptile-apps bot reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

7 files reviewed, 4 comments

Edit Code Review Agent Settings | Greptile

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 6, 2026

Additional Comments (1)

apps/sim/tools/index.ts
Missing authz for skill loads

executeTool handles load_skill by trusting params._context?.workspaceId, but it never verifies that the running agent/workflow is actually allowed to read skills for that workspace (or that the requested skill is among the agent’s selected skills). Any prompt/tool-call that can set _context.workspaceId can fetch arbitrary skill content from that workspace, bypassing the permission-group disableSkills enforcement added in the agent handler.

At minimum, gate load_skill with the same permission check used for execution (e.g. validateSkillsAllowed(ctx.userId, ctx)), and ideally restrict loads to the skill IDs/names attached to the agent block for this run (so the model can’t enumerate/fetch other workspace skills).

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/index.ts
Line: 218:220

Comment:
**Missing authz for skill loads**

`executeTool` handles `load_skill` by trusting `params._context?.workspaceId`, but it never verifies that the running agent/workflow is actually allowed to read skills for that workspace (or that the requested skill is among the agent’s selected skills). Any prompt/tool-call that can set `_context.workspaceId` can fetch arbitrary skill content from that workspace, bypassing the permission-group `disableSkills` enforcement added in the agent handler.

At minimum, gate `load_skill` with the same permission check used for execution (e.g. `validateSkillsAllowed(ctx.userId, ctx)`), and ideally restrict loads to the skill IDs/names attached to the agent block for this run (so the model can’t enumerate/fetch other workspace skills).

How can I resolve this? If you propose a fix, please make it concise.

@waleedlatif1
Copy link
Collaborator Author

waleedlatif1 commented Feb 6, 2026

@greptile

@waleedlatif1
Copy link
Collaborator Author

waleedlatif1 commented Feb 6, 2026

@cursor review

cursor[bot]
cursor bot reviewed Feb 6, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

icecrasher321 and others added 5 commits February 6, 2026 10:12
@icecrasher321 @waleedlatif1
fix(executor): loop sentinel-end wrongly queued (#3148)
f23741c 
* fix(executor):  loop sentinel-end wrongly queued

* fix nested subflow error highlighting
@waleedlatif1
fix(linear): align tool outputs, queries, and pagination with API (#3150
6718bb3 
)

* fix(linear): align tool outputs, queries, and pagination with API

* fix(linear): coerce first param to number, remove duplicate conditions, add null guard
@icecrasher321 @waleedlatif1
fix(resolver): response format and evaluator metrics in deactivated b…
4236f2e 
…ranch (#3152)

* fix(resolver): response format in deactivated branch

* add evaluator metrics too

* add child workflow id to the workflow block outputs

* cleanup typing
@waleedlatif1
feat(slack): add file attachment support to slack webhook trigger (#3151
3022d66 
)

* feat(slack): add file attachment support to slack webhook trigger

* additional file handling

* lint

* ack comment
@waleedlatif1
fix(skills): hide skill selection when disabled, remove dead code
c3cee45
greptile-apps[bot]
greptile-apps bot reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

13 files reviewed, 3 comments

Edit Code Review Agent Settings | Greptile

@waleedlatif1 waleedlatif1 merged commit 71bd535 into staging Feb 6, 2026
11 checks passed
@waleedlatif1 waleedlatif1 deleted the feat/skills branch February 6, 2026 19:38
@waleedlatif1 waleedlatif1 mentioned this pull request Feb 7, 2026
Merged
royceP2 pushed a commit to arenadeveloper02/p2-sim that referenced this pull request Mar 3, 2026
@waleedlatif1 @icecrasher321
feat(skills): added skills to agent block (simstudioai#3149)
751c5f7 
* feat(skills): added skills to agent block

* improvement(skills): audit fixes, docs, icon, and UX polish

* fix(skills): consolidate redundant permission checks in POST and DELETE

* more friendly error for duplicate skills in the same workspace

* fix(executor):  loop sentinel-end wrongly queued (simstudioai#3148)

* fix(executor):  loop sentinel-end wrongly queued

* fix nested subflow error highlighting

* fix(linear): align tool outputs, queries, and pagination with API (simstudioai#3150)

* fix(linear): align tool outputs, queries, and pagination with API

* fix(linear): coerce first param to number, remove duplicate conditions, add null guard

* fix(resolver): response format and evaluator metrics in deactivated branch (simstudioai#3152)

* fix(resolver): response format in deactivated branch

* add evaluator metrics too

* add child workflow id to the workflow block outputs

* cleanup typing

* feat(slack): add file attachment support to slack webhook trigger (simstudioai#3151)

* feat(slack): add file attachment support to slack webhook trigger

* additional file handling

* lint

* ack comment

* fix(skills): hide skill selection when disabled, remove dead code

---------

Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waleedlatif1 @icecrasher321