fix(agent): restrict background review agent to memory and skills toolsets

The background skill/memory review agent was created without toolset restrictions, inheriting the full default tool set. This allowed it to use terminal, send_message, delegate_task, and other tools outside its intended scope, potentially performing unrelated side effects after skill creation. Restrict the review agent to only memory and skills toolsets by passing enabled_toolsets=['memory', 'skills'] during AIAgent construction. Fixes #15204
2026-04-28 06:51:16 +08:00 · 2026-04-26 18:06:07 +08:00
parent a59a98b180
commit 8ad29a938a
2 changed files with 83 additions and 0 deletions
--- a/run_agent.py
+++ b/run_agent.py
@@ -3266,6 +3266,7 @@ class AIAgent:
                        api_key=_parent_runtime.get("api_key") or None,
                        credential_pool=getattr(self, "_credential_pool", None),
                        parent_session_id=self.session_id,
+                        enabled_toolsets=["memory", "skills"],
                    )
                    review_agent._memory_write_origin = "background_review"
                    review_agent._memory_write_context = "background_review"