feat(tasks): install and apply skill bundle artifacts in the sandbox

[tatoalo]

Problem

for cloud tasks, local skill invocations only sent the slash command text. User-local and repo-local skills were available in the local editor but not in the cloud sandbox

Changes

• let's bundle uploadable local skills into zip artifacts with SHA-256 metadata and send them through the existing cloud artifact upload flow.

• install skill_bundle artifacts in the agent server before prompt delivery, inject the bundled skill instructions for the invoked turn, and suppress the raw slash command from the model-facing prompt so local skills behave like actual skills rather than unsupported commands

• refresh slash command metadata when a follow-up command is submitted, so newly created local skills can be selected and invoked without starting a brand-new task.

closes #2260

[tatoalo]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• feat(tasks): surface local skills in the composer and upload on send #2926
• feat(tasks): route local skill tags through the cloud prompt pipeline #2925
• feat(tasks): install and apply skill bundle artifacts in the sandbox #2924 👈 (View in Graphite)
• feat(tasks): bundle local skills into sha256-verified zip artifacts #2923
• feat(tasks): add skill bundle artifact contracts and metadata types #2922
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

React Doctor found no issues in the changed files. 🎉

_{Reviewed by React Doctor for commit bcbc926.}

[greptile-apps]

Comments Outside Diff (1)

1. packages/agent/src/server/agent-server.ts, line 686-693 (link)

   TOCTOU race in deduplication guard

   The check-then-act pattern is not safe across await boundaries. Two concurrent calls for the same installKey can both pass the guard before either call adds the key to installedSkillBundles (which happens only after the full install at line ~755). If installSkillBundleArtifacts is ever called concurrently for the same artifact — e.g., if a future code path triggers it in parallel — both calls will race through rm/mkdir/write, potentially corrupting the extracted tree or causing ENOENT when call B removes the directory that call A is still writing into.

   A straightforward fix is to add the key to installedSkillBundles immediately after the guard passes (as a "claimed" sentinel) and reset it on failure, or to use a Map<string, Promise<void>> of in-flight installs.

_{Reviews (1): Last reviewed commit: "feat(tasks): install and apply skill bun..." | Re-trigger Greptile}

[greptile-apps]

_{Reviews (2): Last reviewed commit: "feat(tasks): install and apply skill bun..." | Re-trigger Greptile}

[k11kirky]

This feels kinda risky to me what if a the string is "hello please run /skill_name - thank you" could the tokens split the skill name?

[tatoalo]

chunk is an ACP prompt content block, not model tokens, and the matcher is anchored to a slash command at the start of the trimmed block so that ^ example would not fly

It also can't reach this as a "skill" at all since localSkillName is only set when the leading text block parses as / and exactly equals an installed skill_bundle artifact's skill_name. The name is captured and compared by full equality so ther;s no tokenization, no prefix matches, and the skill name never feeds the regex