Skip to content

Commit 7596ad4

Browse files
committed
docs: clarify skills is a context filter, not a sandbox
Unlisted skills are hidden from the listing and blocked at the Skill tool, but their files remain readable via Read/Bash. Document the boundary and the alternatives (local plugin, deny rules) for users who need hard isolation.
1 parent c8dd3f1 commit 7596ad4

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

src/claude_agent_sdk/types.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1233,6 +1233,16 @@ class ClaudeAgentOptions:
12331233
# * ``[]``: enable all discovered skills.
12341234
# * ``[name, ...]``: enable only the listed skills (added as
12351235
# ``Skill(name)`` entries in ``--allowedTools``).
1236+
#
1237+
# .. note::
1238+
# This is a **context filter**, not a sandbox. Unlisted skills are
1239+
# hidden from the model's skill listing and cannot be invoked via the
1240+
# Skill tool, but their files remain on disk — a session with ``Read``
1241+
# or ``Bash`` can still access ``.claude/skills/**`` directly. For
1242+
# hard isolation, either omit those files from the working directory,
1243+
# bundle the desired subset as a local plugin (``plugins=[...]`` with
1244+
# ``setting_sources=None``), or add explicit permission deny rules.
1245+
# Do not store secrets in skill files.
12361246
skills: list[str] | None = None
12371247
# Sandbox configuration for bash command isolation.
12381248
# Filesystem and network restrictions are derived from permission rules (Read/Edit/WebFetch),

0 commit comments

Comments
 (0)