Harden skill packaging and verification#4
Conversation
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b96c1cc91e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if "allowed-tools" in data and (not isinstance(allowed_tools, str) or not allowed_tools.strip()): | ||
| fail(f"frontmatter allowed-tools must be a non-empty string in {display_path(skill_md)}", issues) |
There was a problem hiding this comment.
Accept list-form allowed-tools
When a skill uses list-form allowed-tools to preapprove multiple tools in the .claude/skills mirror, Claude Code accepts a YAML list as well as a string, but this verifier now flags any non-string value and makes scripts/verify_all.py fail for an otherwise valid skill package. The previous test fixture used this list form, so this regression will block legitimate mirror updates as soon as tool permissions are added that way.
Useful? React with 👍 / 👎.
Summary
Self-review
Verification