From 15f7b24312fee332d737d3cbb3ee617f97d0e008 Mon Sep 17 00:00:00 2001
From: ruomeng <ruomeng@google.com>
Date: Wed, 8 Apr 2026 17:44:53 -0400
Subject: [PATCH] feat(plan): require user confirmation for activate_skill in
 Plan Mode (#24946)

---
 packages/core/src/policy/policies/plan.toml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/packages/core/src/policy/policies/plan.toml b/packages/core/src/policy/policies/plan.toml
index eaf1f9471b..6e8cfcb454 100644
--- a/packages/core/src/policy/policies/plan.toml
+++ b/packages/core/src/policy/policies/plan.toml
@@ -80,13 +80,6 @@ priority = 40
 modes = ["plan"]
 denyMessage = "You are in Plan Mode with access to read-only tools. Execution of scripts (including those from skills) is blocked."
 
-# Explicitly Allow Read-Only Tools in Plan mode.
-[[rule]]
-toolName = ["activate_skill"]
-decision = "allow"
-priority = 50
-modes = ["plan"]
-
 [[rule]]
 toolName = "*"
 mcpName = "*"
@@ -106,14 +99,14 @@ modes = ["plan"]
 interactive = false
 
 [[rule]]
-toolName = ["ask_user", "save_memory", "web_fetch"]
+toolName = ["ask_user", "save_memory", "web_fetch", "activate_skill"]
 decision = "ask_user"
 priority = 50
 modes = ["plan"]
 interactive = true
 
 [[rule]]
-toolName = ["ask_user", "save_memory", "web_fetch"]
+toolName = ["ask_user", "save_memory", "web_fetch", "activate_skill"]
 decision = "deny"
 priority = 50
 modes = ["plan"]