feat(skills): add content size limits for agent-created skills#4391
Open
feat(skills): add content size limits for agent-created skills#4391
Conversation
Agent writes via skill_manage (create/edit/patch/write_file) are now constrained to prevent unbounded growth: - SKILL.md and supporting files: 100,000 character limit - Supporting files: additional 1 MiB byte limit - Patches on oversized hand-placed skills that reduce the size are allowed (shrink path), but patches that grow beyond the limit are rejected Hand-placed skills and hub-installed skills have NO hard limit — they load and function normally regardless of size. Hub installs get a warning in the log if SKILL.md exceeds 100k chars. This mirrors the memory system's char_limit pattern. Without this, the agent auto-grows skills indefinitely through iterative patches (hermes-agent-dev reached 197k chars / 72k tokens — 40x larger than the largest skill in the entire skills.sh ecosystem). Constants: MAX_SKILL_CONTENT_CHARS (100k), MAX_SKILL_FILE_BYTES (1MiB) Tests: 14 new tests covering all write paths and edge cases
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds character and file size limits to agent skill writes, preventing unbounded growth through iterative auto-updates. Mirrors the memory system's char_limit pattern.
The Problem
The agent auto-grows skills via
skill_manage(action='patch')without any constraint:hermes-agent-dev: 197,761 chars (~72k tokens)pr-triage-salvage: 178,528 chars (~65k tokens)For comparison, the largest skill in the entire skills.sh ecosystem (anthropics, vercel-labs, microsoft, community) is ~5,000 chars. Our agent-grown skills are 40x larger than anything in the wild.
Design
Two-tier approach (matching Codex's philosophy + Clawdbot's constraints):
/skills install)skill_manage)Patches on oversized hand-placed skills: allowed if the result is within limits (shrink path), rejected if it would grow further.
Changes
tools/skill_manager_tool.py:MAX_SKILL_CONTENT_CHARS = 100_000(~36k tokens)MAX_SKILL_FILE_BYTES = 1_048_576(1 MiB)_validate_content_size()— checks content against char limit_create_skill(),_edit_skill(),_patch_skill(),_write_file()tools/skills_hub.py:install_from_quarantine()when SKILL.md exceeds 100k charsTests: 14 new tests covering all write paths, boundary cases, oversized hand-placed skill loading, and shrink-via-patch.