
#23383: Skills: gate command-dispatch tool targets and args

by bmendonca3, open, 2026-02-22 08:26
## Summary

- add `skills.commandDispatch` config with `allowTools`, `maxArgLength`, and `requireStructuredArgsTools`
- enforce skill `command-dispatch: tool` policy checks before tool execution (default-deny high-risk targets)
- add dispatch-policy unit tests and inline-action integration tests
- document command-dispatch security controls in skills docs

## Security behavior

- default blocked tool targets for skill command dispatch: `exec`, `system.run`, `nodes.run`, `gateway/*`
- explicit allowlist support via `skills.commandDispatch.allowTools`
- argument-size guard via `skills.commandDispatch.maxArgLength`
- optional JSON-object arg enforcement for selected tools via `skills.commandDispatch.requireStructuredArgsTools`

## Validation

- `pnpm test src/auto-reply/skill-command-dispatch-policy.test.ts src/auto-reply/reply/get-reply-inline-actions.skill-command-dispatch.test.ts src/config/config.skills-entries-config.test.ts`
- `pnpm test:e2e src/agents/skills.e2e.test.ts -t "includes tool-dispatch metadata from frontmatter"`
- `pnpm exec oxfmt --check docs/tools/skills-config.md docs/tools/skills.md src/auto-reply/reply/get-reply-inline-actions.skill-command-dispatch.test.ts src/auto-reply/reply/get-reply-inline-actions.ts src/auto-reply/skill-command-dispatch-policy.test.ts src/auto-reply/skill-command-dispatch-policy.ts src/config/config.skills-entries-config.test.ts src/config/schema.help.ts src/config/schema.labels.ts src/config/types.skills.ts src/config/zod-schema.ts`

## Notes

- `pnpm check` is currently blocked by existing unrelated format issues in `docs/gateway/security/index.md`.

<h3>Greptile Summary</h3>

Adds security controls for skill `command-dispatch: tool` invocations with a default-deny policy for high-risk tools (`exec`, `system.run`, `nodes.run`, `gateway/*`).

The implementation introduces three configuration options under `skills.commandDispatch`:

- `allowTools`: explicit allowlist that overrides the default denylist
- `maxArgLength`: caps argument size (default 4000 chars)
- `requireStructuredArgsTools`: enforces JSON object arguments for specified tools

The changes integrate cleanly into the existing skill command execution flow in `get-reply-inline-actions.ts`, applying policy checks before tool execution and returning user-friendly error messages when blocked.

<h3>Confidence Score: 5/5</h3>

- This PR is safe to merge with minimal risk
- The implementation is well-designed with comprehensive test coverage for the security policy logic, proper schema validation, thorough documentation updates, and follows secure defaults (deny-by-default for high-risk tools). The pattern matching logic correctly handles wildcards and edge cases, and the integration preserves existing behavior while adding the new security layer.
- No files require special attention

<sub>Last reviewed commit: 17a5cbd</sub>
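The policy the PR describes (default-deny list with the `gateway/*` wildcard, `allowTools` override, `maxArgLength` cap, `requireStructuredArgsTools` JSON-object check), written out as an added standalone example; this is not the project's own code, and the function and type names, the `/*` prefix-wildcard semantics, and the sample tool names are assumptions.

```typescript
// Hypothetical reimplementation of the skill command-dispatch policy; not the project's code.
type DispatchPolicyConfig = {
  allowTools?: string[];                // explicit allowlist, overrides the default denylist
  maxArgLength?: number;                // cap on raw argument length (default 4000)
  requireStructuredArgsTools?: string[]; // tools whose args must be a JSON object
};

type PolicyDecision = { allowed: true } | { allowed: false; reason: string };

// High-risk targets blocked by default, as listed in the PR.
const DEFAULT_BLOCKED_TOOLS = ["exec", "system.run", "nodes.run", "gateway/*"];
const DEFAULT_MAX_ARG_LENGTH = 4000;

// Assumed matching rule: a trailing "/*" matches any tool under that prefix; otherwise exact match.
function matchesPattern(tool: string, pattern: string): boolean {
  if (pattern.endsWith("/*")) {
    return tool.startsWith(pattern.slice(0, -1)); // keep the "gateway/" prefix, drop the "*"
  }
  return tool === pattern;
}

// True only for a JSON object literal: arrays, scalars and unparsable input all fail.
function isJsonObject(raw: string): boolean {
  try {
    const parsed: unknown = JSON.parse(raw);
    return typeof parsed === "object" && parsed !== null && !Array.isArray(parsed);
  } catch {
    return false;
  }
}

// Evaluate a skill's requested tool dispatch before anything is executed.
function evaluateDispatch(tool: string, rawArgs: string, cfg: DispatchPolicyConfig = {}): PolicyDecision {
  const maxLen = cfg.maxArgLength ?? DEFAULT_MAX_ARG_LENGTH;
  if (rawArgs.length > maxLen) {
    return { allowed: false, reason: `args exceed maxArgLength (${rawArgs.length} > ${maxLen})` };
  }
  const allowlisted = (cfg.allowTools ?? []).some((p) => matchesPattern(tool, p));
  if (!allowlisted && DEFAULT_BLOCKED_TOOLS.some((p) => matchesPattern(tool, p))) {
    return { allowed: false, reason: `tool "${tool}" is blocked by default for skill command dispatch` };
  }
  const needsObject = (cfg.requireStructuredArgsTools ?? []).some((p) => matchesPattern(tool, p));
  if (needsObject && !isJsonObject(rawArgs)) {
    return { allowed: false, reason: `tool "${tool}" requires a JSON object argument` };
  }
  return { allowed: true };
}
```

Note that the length guard runs before the allowlist check, so an allowlisted tool still cannot receive oversized arguments.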
