[Draft] Agent Skills

[supreme-gg-gg]

This PR is part of a series of features aiming to introduce agent skills like Claude: https://docs.claude.com/en/docs/agents-and-tools/agent-skills/overview

Usage

1. Obtain some skills from Anthropic's public repo or write your own

2. Update your agent to use skill and bash tools, if needed the artifacts related tools as well

from kagent.adk.skills import BashTool, SkillsTool

# Define the path to the skills directory, relative to this file.
SKILLS_DIR = Path(__file__).parent.parent / "skills"

agent = Agent(
    model="gemini-2.5-flash",
    name="skills_agent",
    description="An agent using skills to assist the user.",
    instruction="You are a helpful assistant that uses various skills to assist the user.",
    tools=[
        SkillsTool(skills_directory=SKILLS_DIR),  # Discover and load skills
        BashTool(skills_directory=SKILLS_DIR),  # Execute commands
    ],
)

3. Alternatively, directly use the plugin in your app this enables these tools for all agents in a multi-agent system:

from kagent.adk.skills import SkillsPlugin
# Optional below
from google.adk.plugins.save_files_as_artifacts_plugin import SaveFilesAsArtifactsPlugin

kagent_app = KAgentApp(
        root_agent=agent,
        agent_card=agent_card,
        kagent_url=config.url,
        app_name=config.app_name,
        plugins=[
            SkillsPlugin(skills_directory=SKILLS_DIR),
            SaveFilesAsArtifactsPlugin(),
        ],
    )

Limitations

• User cannot upload or download files, for upload it's technically supported if you write your own script but for the UI we require [FEATURE] Upload files #885. For download we will need a non-in-memory artifact service, currently we use InMemoryArtifactService to save uploaded files and stage them to the working directory as a tool

• The agent is not very good at writing code due to 1. The bash tool is not robust, cd and some other command sometimes fails, this will be solved once we have a better code executor / sandbox 2. (Possibly) not enough tools for the agent to use to write code like write, read, edit, search, etc. commonly given to coding agents, it is reliant on very basic shell commands like cat and printf

• This only works with BYO agents + build from source (not from the kagent-adk image)

Testing

This is tested on the following skills from https://github.com/anthropics/skills and Claude Cookbook

• brand-guidelines: covers most simple cases where reading markdown files is enough
• analyzing-financial-statement: slightly more difficult, involves finding and running scripts, manages user CSV data
• slack-gif-creator: this requires the agent to write and run code with snippets provided, the agent occasionally runs into issues with the bash tool that will probably be solved with the proper sandbox environment

The above performances are subject to the "limitations" discussed. However, some of them can be bypassed by running the agent just locally.

[supreme-gg-gg]

I will probably remove this skills system prompt function because the agent knows the system well enough just from the tools

[EItanya]

Great start! I am going to merge this and then we can continue to iterate

[Copilot]

Pull Request Overview

This PR introduces a skills system for the kagent-adk package with a two-tool architecture that separates skill discovery/loading from command execution. The implementation provides a filesystem-based approach to managing specialized agent capabilities with progressive disclosure and security sandboxing.

Key changes:

• Introduces a two-tool pattern: SkillsTool for discovering and loading skills, and BashTool for executing commands
• Adds StageArtifactsTool to bridge artifact storage with the local filesystem for skills workflow
• Updates logger naming from "google_adk" to "kagent_adk" for consistency

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
stage_artifacts_tool.py	New tool for staging artifacts from artifact service to local filesystem with session isolation
skills_toolset.py	Toolset wrapper providing SkillsTool and BashTool together
skills_plugin.py	Plugin for auto-registering skills tools to LLM agents in multi-agent apps
skill_tool.py	Tool for discovering and loading skill instructions from SKILL.md files
skill_system_prompt.py	Optional comprehensive system prompt for skills-focused agents
bash_tool.py	Sandboxed bash execution tool with command whitelisting and timeouts
init.py	Module exports for the skills package
README.md	Comprehensive documentation of the skills system architecture
_agent_executor.py	Logger naming update from "google_adk" to "kagent_adk"
_a2a.py	Integration updates to support plugins and artifact service

Comments suppressed due to low confidence (2)

python/packages/kagent-adk/src/kagent/adk/skills/bash_tool.py:1

• The documentation states to never use 'python -c', but the tool doesn't actually validate or block this pattern. The command validation in _validate_command_part only checks the base command against DANGEROUS_COMMANDS, not the arguments. Either implement validation to block -c flag or remove this constraint from the documentation.

"""Simplified bash tool for executing shell commands in skills context."""

python/packages/kagent-adk/src/kagent/adk/skills/bash_tool.py:1

• [nitpick] The code uses positional parameters in the get_session_staging_path call. Consider using keyword arguments for better readability and to prevent argument ordering mistakes, especially since this function is called from multiple places with multiple parameters.

"""Simplified bash tool for executing shell commands in skills context."""

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The path traversal check has a logical flaw. It should verify that staging_root is a parent of destination_dir, but the condition checks if staging_root is NOT in parents AND not equal. An attacker could potentially bypass this by using paths that resolve outside staging_root. Use destination_dir.is_relative_to(staging_root) (Python 3.9+) or ensure staging_root in destination_dir.parents or destination_dir == staging_root for correct validation.

Suggested change

	if staging_root not in destination_dir.parents and destination_dir != staging_root:
	if not destination_dir.is_relative_to(staging_root):

[Copilot]

Using mutable default argument None is correct, but the parameter type annotation should be Optional[List[BasePlugin]] or List[BasePlugin] | None for clarity and to match the pattern used elsewhere in the codebase (e.g., line 76 where it's checked for None).