Align SKILL.md parser with agentskills.io specification #686
Description
Context
Audit of crates/zeph-skills/src/loader.rs against the Agent Skills specification revealed several conformance gaps.
Findings
1. allowed-tools delimiter (high)
Spec defines allowed-tools as space-delimited:
allowed-tools: Bash(git:*) Bash(jq:*) ReadParser uses comma-delimited (split(',')), so skills written per spec will be parsed as a single tool string instead of multiple entries.
Fix: split on whitespace instead of commas in parse_frontmatter().
2. metadata nested YAML not supported (medium)
Spec defines metadata as a nested map:
metadata:
author: example-org
version: "1.0"Parser handles only flat key: value lines. Nested keys under metadata: are treated as top-level pairs. This means skills from external sources using nested metadata will be parsed incorrectly.
Fix: either use a proper YAML parser for frontmatter (e.g. serde_yaml) or implement indentation-aware parsing for the metadata block.
3. Field length validation missing (low)
Spec constrains:
description: max 1024 characterscompatibility: max 500 characters
Parser does not enforce these limits.
Fix: add length checks in load_skill_meta() after extracting values.
4. ASCII-only name validation (info)
Spec allows "unicode lowercase alphanumeric" in name. Parser only accepts ASCII lowercase (is_ascii_lowercase). This is a deliberate strictness — no action needed unless unicode skill names become a requirement.
Priority
1 > 2 > 3. Item 4 is informational.
References
- Spec: https://agentskills.io/specification.md
- Parser:
crates/zeph-skills/src/loader.rs