Most of the coding agents support reading skills in ~/.agents/skills. It seems that only Claude code hasn't adopted this spec. I am not sure about the future of this. Anyway good work, we need a unified skill marketplace for different agents.
Thanks! You're touching on exactly the problem Skills Manager tries to solve — right now it reads from each agent's native path (Claude's ~/.claude/commands, Cursor rules, Windsurf, etc.), so you manage one set of skills that syncs across all of them.
The ~/.agents/skills spec is interesting—if it gains real adoption, we'd support it as a source path as well. Skills Manager is intentionally agent-neutral, so adding a new path resolver is trivial.
CLI is quickly becoming the default entry point for agents. But data agents probably need a much stricter permission model than coding agents. Bash + CLI greatly expands what you can do beyond the native SQL capabilities of a data warehouse, which is powerful. But it also means data operations and credentials are now exposed to the shell environment.
So giving data agents rich tooling through a CLI is really a double-edged sword.
I went through the security guidance for the Snowflake Cortex Code CLI(https://docs.snowflake.com/en/user-guide/cortex-code/securit...), and the CLI itself does have some guardrails.
But since this is a shared cloud environment, if a sandbox escape happens, could someone break out and access another user’s credentials?
It is a broader system problem around permission caching, shell auditing, and sandbox isolation.
