Agent Skills: Implement Agent Integration and System Prompt Awareness

[NTaylorMullen]

Summary

This PR integrates the Agent Skills concept into the model's core awareness by implementing dynamic system prompt injection and conditional tool attachment. It enables the "Discovery" phase of the skill lifecycle while maintaining context efficiency.

Details

• System Prompt Injection: Updated getCoreSystemPrompt in packages/core/src/core/prompts.ts to include a dedicated "Skill Guidance" section.
• Scale-safe Discovery: Implemented logic to inject only the name and description of all discovered skills into the system instruction. This allows the model to "know what it knows" without consuming tokens for procedural instructions until they are needed.
• Instruction Priority: Added explicit guidance in the system prompt for the model to prioritize specialized skill instructions over general internal defaults once a skill is activated.
• Quality: Updated prompts.test.ts to verify that skill metadata is correctly injected into the prompt when skills are present.

Related Issues

Part of #15327, Fixes #15689

How to Validate

1. Setup Test Skill:
   Ensure a skill exists in .gemini/skills/expertise/SKILL.md (metadata: name: expertise, description: Expertise in system validation).
2. Launch CLI:
   npm run start (with experimental.skills: true)
3. Verify LLM Awareness:
   Ask the model: What specialized expertise do you have access to right now?
   Expectation: The model should respond by listing the "expertise" skill and correctly describing its purpose based on the metadata in SKILL.md.
4. Verify Procedural Knowledge:
   Ask: How would you go about employing that expertise?
   Expectation: The model should explicitly mention that it needs to call the activate_skill tool to load the detailed instructions and assets associated with that skill.
5. Verify Dynamic Tooling:
   Delete the .gemini/skills/expertise directory, restart the CLI, and ask the same question.
   Expectation: The model should no longer claim access to that specific expertise.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt

[gemini-code-assist]

Summary of Changes

Hello @NTaylorMullen, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the foundational "Agent Skills" concept, allowing the model to dynamically discover and utilize specialized capabilities. It achieves this by intelligently injecting skill metadata into the system prompt and conditionally exposing the activate_skill tool, thereby enhancing the model's awareness and enabling a "Discovery" phase for skills while maintaining token efficiency.

Highlights

• Agent Integration: Implemented dynamic system prompt injection to make the model aware of "Agent Skills" and enable a "Discovery" phase for skill lifecycle.
• System Prompt Enhancement: The getCoreSystemPrompt function now includes a dedicated "Skill Guidance" section, dynamically injecting only the name and description of discovered skills to maintain context efficiency.
• Dynamic Tooling: The activate_skill tool is now conditionally attached and visible to the model only when skills have been discovered in the current session, preventing unnecessary tool exposure.
• Instruction Prioritization: Explicit guidance has been added to the system prompt, instructing the model to prioritize specialized skill instructions over general internal defaults once a skill is activated.
• UI Updates: The useReactToolScheduler.ts file was updated to correctly handle the display and invocation of the activate_skill tool within the interactive UI loop.
• Test Coverage: New tests were added to prompts.test.ts to verify that skill metadata is correctly injected into the system prompt when skills are present and that skill guidance is omitted when no skills are available.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively integrates Agent Skills by dynamically injecting them into the system prompt and managing the activate_skill tool. However, a high-severity prompt injection vulnerability has been identified: maliciously crafted skill files on the user's filesystem can inject arbitrary instructions into the agent's core prompt, potentially leading to arbitrary tool execution. It is recommended to sanitize the skill's name and description before they are included in the prompt. Additionally, a critical issue in useReactToolScheduler.ts could lead to a runtime crash due to unsafe property access on a typed object.

[gemini-code-assist]

This block has a couple of issues:

1. Potential Runtime Crash: trackedCall can have a status of 'scheduled', in which case it is of type TrackedScheduledToolCall and does not have an invocation property. Accessing trackedCall.invocation will cause a crash. You should add a guard to handle this case.

2. Unsafe Type Casting: The cast as unknown as { displayName: string } bypasses TypeScript's type safety. This is risky and makes the code harder to maintain. It would be better to update the AnyToolInvocation type to include an optional displayName property.

Here's a suggested fix for the runtime crash. Addressing the type casting would require changes in other files.

      } else {
        if (trackedCall.status === 'scheduled') {
          displayName = trackedCall.tool.displayName;
          description = JSON.stringify(trackedCall.request.args);
          renderOutputAsMarkdown = false;
        } else {
          displayName =
            (trackedCall.invocation as unknown as { displayName: string })
              .displayName ?? trackedCall.tool.displayName;
          description = trackedCall.invocation.getDescription();
          renderOutputAsMarkdown = trackedCall.tool.isOutputMarkdown;
        }
      }

[abhipatel12]

This LGTM, but the description doesn't seem to match the files changed. Are the allowed tools and UI changes meant to be in this PR or were they moved out?

[NTaylorMullen]

This LGTM, but the description doesn't seem to match the files changed. Are the allowed tools and UI changes meant to be in this PR or were they moved out?

Ahhh I had done some post-PR adjustments to what I wanted to tackle here and forgot to update the actual PR body itself good catch. Edited / updated and addressed all comments!

[abhipatel12]

LGTM! Looks great!

[github-actions]

Size Change: +1.23 kB (+0.01%)

Total Size: 22.2 MB

Filename	Size	Change
./bundle/gemini.js	22.2 MB	+1.23 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}