Document shared agent skills#25588
Conversation
The Sandboxes docs did not explain how to import host agent skills or account for the writable store in the security model. Document the supported paths and behavior, clarify the narrow cross-sandbox trust boundary, and update related security, lifecycle, and FAQ guidance. Co-Authored-By: Codex <noreply@openai.com>
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The documentation changes are clean and well-written. Content accurately describes the shared agent skills feature across architecture, FAQ, security, and usage files. No Vale-flagged style violations, no missing front matter, no broken references, and the sbx skills import command is properly cross-referenced in workflows.md.
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟡 NEEDS ATTENTION
| communicate directly over the network. Raw TCP, UDP, and ICMP are blocked at | ||
| the network layer. | ||
|
|
||
|  |
There was a problem hiding this comment.
[MEDIUM] Security diagram alt-text is now incomplete after adding shared agent skills to the boundary description
The PR adds the shared agent skills store to the trust-boundary bullet lists ("What crosses the boundary into the VM" and "What crosses the boundary back to the host"), but the alt-text of the diagram image directly below remains unchanged. It still says only "The workspace directory is shared read-write" — it no longer mentions the shared skills store as a second cross-boundary share.
This leaves the diagram description inaccurate for screen-reader users and anyone relying on the alt-text alone. Consider updating the alt-text to reflect both shared paths, for example:
"…The workspace directory and shared agent skills store are shared read-write. Host filesystem, processes, Docker Engine, and network are outside the VM and not accessible. A proxy enforces allow/deny policies and injects credentials into outbound requests."
If the diagram image itself will be updated in a follow-up PR, a brief note in the alt-text (or a caption) that the diagram predates the shared skills feature would also address this.
Summary
Document how
sbximports host agent skills and shares them through a persistent, writable store. Update security and lifecycle guidance to describe the cross-sandbox trust boundary and per-sandbox opt-out.Generated by Codex