validate_skill_size

agpm_cli::skills

Function validate_skill_size 

Source 
pub async fn validate_skill_size(
    skill_path: &Path,
) -> Result<SkillDirectoryInfo>
Expand description

Validate skill directory size and file count before installation.

This prevents malicious or accidentally large skills from consuming excessive disk space or inodes. Checks:

  • File count ≤ MAX_SKILL_FILES (1000)
  • Total size ≤ MAX_SKILL_SIZE_BYTES (100MB)
  • No symlinks (security risk: could point to sensitive files)

§Arguments

  • skill_path - Path to the skill directory to validate

§Returns

  • Ok(SkillDirectoryInfo) - Skill passes all checks, returns collected info
  • Err(anyhow::Error) - Skill exceeds limits or contains symlinks

§Security

This function rejects symlinks to prevent:

  • Data exfiltration (symlink to /etc/passwd, ~/.ssh/id_rsa)
  • Path traversal attacks
  • Unexpected behavior across platforms

§Examples

use agpm_cli::skills::validate_skill_size;
use std::path::Path;

let info = validate_skill_size(Path::new("my-skill")).await?;
println!("Skill has {} files totaling {} bytes", info.files.len(), info.total_size);