fix(skill): validate resource path before activating skill#1308
Merged
LearningGp merged 3 commits intoApr 29, 2026
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses a bug in the load_skill_through_path built-in tool where invalid resource paths (e.g., ".") could lead to a skill being activated before the path/resource was validated, and improves schema/tool guidance to reduce model misuse.
Changes:
- Updated
load_skill_through_pathtool description and JSON schema parameter description to explicitly guide usingpath="SKILL.md"and discourage invalid paths like".". - Reordered skill activation so the skill is activated only after
SKILL.mdor a valid resource has been successfully resolved. - Added regression tests to verify the updated tool/schema guidance and that invalid paths do not activate the skill.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| agentscope-core/src/main/java/io/agentscope/core/skill/SkillToolFactory.java | Updates tool description/schema text and moves skill activation to occur only after successful resource load. |
| agentscope-core/src/test/java/io/agentscope/core/skill/SkillBoxToolsTest.java | Adds assertions for improved tool/schema guidance and a regression test ensuring invalid path="." does not activate the skill. |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Collaborator
|
PTAL @fang-tech |
fang-tech
requested changes
Apr 28, 2026
liangxingguang
pushed a commit
to liangxingguang/agentscope-java
that referenced
this pull request
May 21, 2026
…e-ai#1308) ## AgentScope-Java Version 1.0.12-SNAPSHOT ## Description Closes agentscope-ai#1289. This PR fixes the `load_skill_through_path` behavior when the model passes an invalid resource path such as `.`. Background: - The tool description and `path` parameter schema were incomplete/malformed, which could mislead models about how to load skill content. - Calling `load_skill_through_path` with an invalid path returned an error, but still activated the skill before validating the resource path. Changes made: - Clarified the tool description to explicitly instruct models to use `path="SKILL.md"` for skill documentation. - Clarified the `path` parameter description and explicitly disallowed `.`, `./`, directories, and absolute paths. - Changed activation order so a skill is activated only after `SKILL.md` or a valid resource path is successfully loaded. - Added regression tests for tool/schema guidance and invalid-path activation behavior. How to test: - Run `mvn -pl agentscope-core -Dtest='io.agentscope.core.skill.*Test' test` ## Checklist Please check the following items before code is ready to be reviewed. - [ ] Code has been formatted with `mvn spotless:apply` - [x] All tests are passing (`mvn -pl agentscope-core -Dtest='io.agentscope.core.skill.*Test' test`) - [x] Javadoc comments are complete and follow project conventions - [ ] Related documentation has been updated (e.g. links, examples, etc.) - [x] Code is ready for review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AgentScope-Java Version
1.0.12-SNAPSHOT
Description
Closes #1289.
This PR fixes the
load_skill_through_pathbehavior when the model passes an invalid resource path such as..Background:
pathparameter schema were incomplete/malformed, which could mislead models about how to load skill content.load_skill_through_pathwith an invalid path returned an error, but still activated the skill before validating the resource path.Changes made:
path="SKILL.md"for skill documentation.pathparameter description and explicitly disallowed.,./, directories, and absolute paths.SKILL.mdor a valid resource path is successfully loaded.How to test:
mvn -pl agentscope-core -Dtest='io.agentscope.core.skill.*Test' testChecklist
Please check the following items before code is ready to be reviewed.
mvn spotless:applymvn -pl agentscope-core -Dtest='io.agentscope.core.skill.*Test' test)