feat(skills): added skills to agent block #3149

Merged
waleedlatif1 merged 9 commits into staging from feat/skills
Feb 6, 2026

waleedlatif1 (Collaborator) commented Feb 6, 2026

Summary

Adds Agent Skills as a first-class feature — reusable prompt/instruction packages that users can create, manage, and attach to Agent blocks. Follows the agentskills.io open specification.

Architecture

Skills use progressive disclosure to keep context lean:

  1. Metadata only (name + description) is injected into the system prompt as <available_skills> XML so the LLM knows what's available
  2. An auto-injected load_skill tool lets the LLM load full skill content on-demand when it decides a skill is relevant
  3. Full markdown instructions enter context as a tool response — not bloating the system prompt

This works across all providers (OpenAI, Anthropic, Gemini, etc.) using standard tool-calling — no provider-specific code needed.

What's included

  • DB schema: skill table with workspace-scoped unique name index
  • API: CRUD routes at /api/skills with workspace permission checks
  • Settings UI: Skills tab under Tools with create/edit/delete modal
  • Agent block: skill-input subblock (Combobox dropdown for skill selection)
  • Execution: skills-resolver.ts for metadata/content resolution, load_skill handler in tools/index.ts
  • Permissions: disableSkills wired end-to-end (permission groups API, access control UI, settings modal, executor validation)
  • Docs: Skills documentation page
  • Icon: agentskills.io hexagon favicon

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel bot commented Feb 6, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| docs | Ready | Preview, Comment | Feb 6, 2026 6:14pm |

greptile-apps bot (Contributor) commented Feb 6, 2026

Greptile Overview

Greptile Summary

  • Introduces Agent Skills: workspace-scoped skill entities (name/description/content) with CRUD API and settings UI for creation/edit/deletion.
  • Extends agent block configuration with a skill-input sub-block and executor support for progressive-disclosure skill usage (inject metadata in system prompt + load_skill tool).
  • Adds access-control plumbing for disableSkills across permission group APIs, config parsing/defaults, and admin UI.
  • Includes related executor fixes/tests (edge-manager cascade queueing) and webhook improvements (Slack attachments + trigger output processing).

Confidence Score: 3/5

  • This PR is close to mergeable but has a couple of fix-required issues affecting permissions enforcement and UI stability.
  • Core feature wiring looks consistent (DB/API/UI/executor), but (1) load_skill execution currently bypasses the new disableSkills access-control check, and (2) the SkillInput UI can crash if permission config isn’t available on initial render. Fixing these should materially reduce merge risk.
  • apps/sim/tools/index.ts, apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx, packages/db/migrations/0152_parallel_frog_thor.sql

Important Files Changed

| Filename | Overview |
| apps/sim/app/api/skills/route.ts | Adds CRUD API for workspace-scoped skills with permission checks and validation. |
| apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/skill-input/skill-input.tsx | Implements skill selection UI for agent blocks; currently can crash if permission config is undefined while loading. |
| apps/sim/ee/access-control/utils/permission-check.ts | Adds SkillsNotAllowedError and validateSkillsAllowed enforcement helper. |
| apps/sim/executor/execution/edge-manager.test.ts | Adds regression tests ensuring sentinel_end not queued on fully deactivated loop branch. |
| apps/sim/executor/execution/edge-manager.ts | Adjusts cascade terminal control-node queuing to only occur when all outgoing edges deactivate. |
| apps/sim/executor/handlers/agent/agent-handler.ts | Injects skills metadata into system prompt and adds load_skill tool; permission bypass risk remains in tools/index.ts handler. |
| apps/sim/executor/handlers/agent/skills-resolver.ts | Implements skills metadata/content resolution and tool definition builder (no direct issues found here). |
| apps/sim/executor/utils/block-data.ts | Adds schema derivation for evaluator metrics and responseFormat fields (no critical issues found). |
| apps/sim/lib/webhooks/utils.server.ts | Adds Slack file download support with SSRF guards, size/count limits, and webhook input formatting updates. |
| apps/sim/lib/workflows/skills/operations.ts | Implements transactional upsertSkills with duplicate-name checks and workspace scoping. |
| apps/sim/tools/index.ts | Adds load_skill tool execution; currently does not enforce disableSkills permission (bypass). |
| packages/db/migrations/0152_parallel_frog_thor.sql | Adds skill table migration; file currently missing trailing newline. |
| packages/db/schema.ts | Adds skill table schema with workspace/name unique index and timestamps. |

Sequence Diagram

sequenceDiagram
  participant UI as Sim UI (Agent block)
  participant API as /api/skills
  participant DB as Postgres (skill table)
  participant EX as Executor (AgentBlockHandler)
  participant LLM as LLM Provider
  participant TOOLS as executeTool()

  UI->>API: GET /api/skills?workspaceId=...
  API->>DB: SELECT skill rows by workspace_id
  DB-->>API: skills (name/description/content)
  API-->>UI: skills list

  UI->>EX: Run workflow with Agent block (skills selected)
  EX->>DB: resolveSkillMetadata(skillIds, workspaceId)
  DB-->>EX: [{name, description}]
  EX->>LLM: System prompt + <available_skills> metadata
  EX->>LLM: Tools include load_skill(skill_name enum)

  LLM->>TOOLS: call load_skill({skill_name, _context.workspaceId})
  TOOLS->>DB: resolveSkillContent(skill_name, workspaceId)
  DB-->>TOOLS: markdown content
  TOOLS-->>LLM: tool result {content}
  LLM-->>EX: Final response using loaded instructions

greptile-apps bot (Contributor) left a comment

6 files reviewed, 2 comments

waleedlatif1 (Collaborator, Author) commented:

@greptile

waleedlatif1 (Collaborator, Author) commented:

@cursor review

greptile-apps bot (Contributor) left a comment

7 files reviewed, 4 comments

greptile-apps bot (Contributor) commented Feb 6, 2026

Additional Comments (1)

apps/sim/tools/index.ts
Missing authz for skill loads

executeTool handles load_skill by trusting params._context?.workspaceId, but it never verifies that the running agent/workflow is actually allowed to read skills for that workspace (or that the requested skill is among the agent’s selected skills). Any prompt/tool-call that can set _context.workspaceId can fetch arbitrary skill content from that workspace, bypassing the permission-group disableSkills enforcement added in the agent handler.

At minimum, gate load_skill with the same permission check used for execution (e.g. validateSkillsAllowed(ctx.userId, ctx)), and ideally restrict loads to the skill IDs/names attached to the agent block for this run (so the model can’t enumerate/fetch other workspace skills).

Path: apps/sim/tools/index.ts
Line: 218:220
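One way to close the gap described in the comment above, as an added example (not code from this PR or from the project's repository). `RunContext`, `SkillStore`, `loadSkill` and the sample data are hypothetical, and the `skillsDisabled` flag stands in for the outcome of the `validateSkillsAllowed` check.

```typescript
// Added example with hypothetical types and data; not the code in apps/sim/tools/index.ts.
type RunContext = {
  workspaceId: string        // set by the executor for this run, never by the model
  attachedSkills: string[]   // skill names selected on the agent block
  skillsDisabled: boolean    // outcome of the permission-group disableSkills lookup
}
type LoadResult =
  | { ok: true; content: string }
  | { ok: false; reason: 'skills_disabled' | 'not_attached' | 'not_found' }
type SkillStore = Record<string, Record<string, string>> // workspaceId -> name -> markdown

// Constructed sample data standing in for the skill table.
const sampleStore: SkillStore = {
  'ws-a': { 'release-notes': '# Release notes', 'hr-policy': '# HR policy' },
  'ws-b': { 'billing-runbook': '# Billing runbook' },
}

// Own-property test so names like "constructor" never resolve via the prototype chain.
const own = (o: object, k: string) => Object.prototype.hasOwnProperty.call(o, k)

function loadSkill(params: Record<string, unknown>, ctx: RunContext, db: SkillStore): LoadResult {
  // 1. Apply the disableSkills decision at tool-execution time, not only in the agent handler.
  if (ctx.skillsDisabled) return { ok: false, reason: 'skills_disabled' }

  // 2. Only skills attached to this agent block may be loaded.
  const name = params.skill_name
  if (typeof name !== 'string' || ctx.attachedSkills.indexOf(name) === -1) {
    return { ok: false, reason: 'not_attached' }
  }

  // 3. Scope the lookup with the executor's workspace; params._context is never read.
  const rows = own(db, ctx.workspaceId) ? db[ctx.workspaceId] : undefined
  const content = rows && own(rows, name) ? rows[name] : undefined
  if (typeof content !== 'string') return { ok: false, reason: 'not_found' }
  return { ok: true, content }
}
```
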

waleedlatif1 (Collaborator, Author) commented:

@greptile

waleedlatif1 (Collaborator, Author) commented:

@cursor review

cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 2 potential issues.

icecrasher321 and others added 5 commits February 6, 2026 10:12
* fix(executor): loop sentinel-end wrongly queued

* fix nested subflow error highlighting
)

* fix(linear): align tool outputs, queries, and pagination with API

* fix(linear): coerce first param to number, remove duplicate conditions, add null guard
…ranch (#3152)

* fix(resolver): response format in deactivated branch

* add evaluator metrics too

* add child workflow id to the workflow block outputs

* cleanup typing
)

* feat(slack): add file attachment support to slack webhook trigger

* additional file handling

* lint

* ack comment

greptile-apps bot (Contributor) left a comment

13 files reviewed, 3 comments

waleedlatif1 merged commit 71bd535 into staging Feb 6, 2026
11 checks passed
waleedlatif1 deleted the feat/skills branch February 6, 2026 19:38