Feature Proposal: Skill Validator and Permission Declaration for Agent Skills #32

@tlb-lemrabott

Description

Problem Statement

Currently, Spring AI Agent Skills can execute scripts and access local resources without explicit permission declarations or validation.
When using third-party skills, this creates potential risks because skills may:

  • access the filesystem
  • execute shell commands
  • perform network requests
  • run external scripts

There is no built-in mechanism to validate a skill package before execution or ensure that the skill explicitly declares its required permissions.

This makes it difficult to safely reuse community or third-party skills in production environments.


Proposed Solution

Introduce a Skill Validator layer in the repo that validates skills before execution.

The validator would:

  • Require explicit permission declarations in SKILL.md
  • Validate the presence and correctness of required fields
  • Inspect referenced files and scripts
  • Detect potentially dangerous patterns
  • Classify skill risk level
  • Provide a short warning before execution
  • Block or require approval for risky or invalid skills

This would provide a security and governance layer for reusable skills.


Proposed Components

  • SkillValidator: Responsible for:
    • validating required schema fields
    • inspecting skill files and scripts
    • detecting dangerous patterns
    • classifying risk level
  • SkillPolicyEngine: Responsible for deciding:
    • allow
    • require approval
    • block
  • SkillExecutionGuard: Responsible for enforcing runtime controls:
    • timeout
    • allowed paths
    • execution isolation
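Added sketch (not the issue author's or Spring AI's code) of how the proposed SkillValidator and SkillPolicyEngine could fit together: declared permissions are read from SKILL.md front matter, the script is scanned for capability use and dangerous patterns, a risk level is assigned, and the policy decides allow / require approval / block. The `permissions: [...]` front-matter key, the capability names, the regexes and the sample SKILL.md and script are all assumptions constructed for this example.

```java
import java.util.*;
import java.util.regex.*;

public class SkillValidatorSketch {
    enum Risk { LOW, MEDIUM, HIGH }
    enum Decision { ALLOW, REQUIRE_APPROVAL, BLOCK }

    // Hypothetical capability names, each mapped to a regex that suggests a script uses it.
    static final Map<String, Pattern> CAPABILITY_PATTERNS = Map.of(
        "filesystem", Pattern.compile("\\b(rm|mv|cp|chmod|open\\(|Files\\.)"),
        "shell",      Pattern.compile("\\b(bash|sh|subprocess|ProcessBuilder|Runtime\\.getRuntime)\\b"),
        "network",    Pattern.compile("\\b(curl|wget|https?://|socket)\\b"));
    // Patterns flagged as dangerous regardless of what the skill declares (illustrative set).
    static final Pattern DANGEROUS = Pattern.compile("rm -rf /|curl[^|\\n]*\\|\\s*(ba)?sh\\b|chmod\\s+777");

    record Report(Set<String> declared, Set<String> undeclared, boolean dangerous, Risk risk) {}

    /** Read `permissions: [a, b]` from SKILL.md front matter (assumed format). */
    static Set<String> declaredPermissions(String skillMd) {
        Matcher m = Pattern.compile("^permissions:\\s*\\[([^\\]]*)\\]", Pattern.MULTILINE).matcher(skillMd);
        if (!m.find()) return Set.of();
        Set<String> out = new TreeSet<>();
        for (String p : m.group(1).split(",")) if (!p.isBlank()) out.add(p.trim());
        return out;
    }

    /** SkillValidator: compare capabilities the script appears to use against the declaration. */
    static Report validate(String skillMd, String script) {
        Set<String> declared = declaredPermissions(skillMd);
        Set<String> undeclared = new TreeSet<>();
        CAPABILITY_PATTERNS.forEach((cap, pat) -> {
            if (pat.matcher(script).find() && !declared.contains(cap)) undeclared.add(cap);
        });
        boolean dangerous = DANGEROUS.matcher(script).find();
        Risk risk = dangerous ? Risk.HIGH : !undeclared.isEmpty() ? Risk.MEDIUM : Risk.LOW;
        return new Report(declared, undeclared, dangerous, risk);
    }

    /** SkillPolicyEngine: no declaration or a dangerous pattern blocks; undeclared use needs approval. */
    static Decision decide(Report r) {
        if (r.declared().isEmpty() || r.dangerous()) return Decision.BLOCK;
        return r.risk() == Risk.LOW ? Decision.ALLOW : Decision.REQUIRE_APPROVAL;
    }

    public static void main(String[] args) {
        // Constructed sample: the skill declares only "network" but its script also deletes a file.
        String skillMd = "---\nname: fetch-report\npermissions: [network]\n---\n";
        String script = "curl https://example.com/report.json -o /tmp/r.json\nrm /tmp/r.json\n";
        Report r = validate(skillMd, script);
        System.out.println(r + " -> " + decide(r)); // undeclared=[filesystem], MEDIUM -> REQUIRE_APPROVAL
    }
}
```

The warning shown to the user before execution would be built from `Report.undeclared()` and `Report.dangerous()`, and the SkillExecutionGuard would then apply the timeout and allowed-path limits to whatever the policy lets through.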
