feat(plan): allow skills to be enabled in plan mode

[Adib234]

Summary

This change enables the activate_skill tool in Plan Mode, allowing the agent to research specialized expert guidance while still maintaining strict read-only constraints. Although skills can now be activated to provide procedural instructions, any scripts or executable tools bundled with them remain blocked by policy to ensure a safe planning environment.

Details

• Tool Availability: Added activate_skill to the PLAN_MODE_TOOLS registry, making it accessible to the agent when the session is transitioned into Plan Mode.
• Policy Update: Updated plan.toml to grant ALLOW permission for activate_skill with a priority of 70, ensuring it overrides the catch-all Plan Mode DENY rule.
• Safety Messaging: Refined the Plan Mode deny_message in the policy to explicitly state that script execution is prohibited. This provides clear feedback to the agent and the user if a skill attempts to run an unauthorized command (e.g., via run_shell_command).

Related Issues

Fixes #18157

How to Validate

The tool for skill should be activated if the prompt relates to a skill in plan mode, however the skill should never be able to run scripts in plan mode

Screen.Recording.2026-02-06.at.11.03.52.AM.mov

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @Adib234, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the agent's capabilities in Plan Mode by allowing the "activate_skill" tool, enabling access to expert guidance for research and planning. Crucially, it maintains a secure environment by strictly preventing any script or executable tool bundled with skills from running, ensuring read-only constraints are upheld.

Highlights

• Skill Activation in Plan Mode: The "activate_skill" tool is now enabled in Plan Mode, allowing agents to access specialized guidance without executing scripts.
• Policy Enforcement: Policy rules were updated to explicitly allow "activate_skill" with a higher priority while maintaining a strict denial of script execution.
• User Feedback: The "deny_message" in Plan Mode was refined to clearly inform users that script execution, including those from skills, is prohibited.

Changelog

• packages/core/src/policy/policies/plan.toml
  • Modified the "deny_message" to explicitly state that script execution is blocked in Plan Mode.
  • Added "activate_skill" to the list of tools explicitly allowed in Plan Mode with a higher priority.
• packages/core/src/policy/policy-engine.test.ts
  • Introduced a new test suite for Plan Mode to verify that "activate_skill" is allowed while "run_shell_command" is denied, and the correct deny message is returned.
• packages/core/src/tools/tool-names.ts
  • Added "ACTIVATE_SKILL_TOOL_NAME" to the "PLAN_MODE_TOOLS" array, making it available for use in Plan Mode.

Activity

• No human activity has occurred on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request enables the activate_skill tool in Plan Mode, which is a valuable feature. The changes are well-implemented across the policy configuration, tool definitions, and tests. The new test in policy-engine.test.ts correctly validates that activate_skill is permitted while other potentially unsafe tools like run_shell_command remain blocked, ensuring the read-only constraints of Plan Mode are respected. The updated deny_message also provides clearer feedback. The implementation is solid and I have no major concerns.

[github-actions]

Size Change: +30 B (0%)

Total Size: 24.3 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	24.3 MB	+30 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}