[Bug] Skills unable to read their own bundled files without permissions
# Skills require permission to read bundled files despite documentation implying automatic access
## Summary
Skills currently prompt for user permission when reading their own bundled files (references/, scripts/, assets/), despite documentation suggesting these files should be automatically accessible as part of the "progressive disclosure" pattern.
## Expected Behavior
According to the skills documentation and the skills deep dive:
> "When the skill is invoked, the skill's base directory path is automatically provided, making bundled resources accessible."
> "Claude follows the Skill's instructions, loading referenced files or running bundled scripts as needed."
The progressive disclosure pattern implies that bundled files should be loaded "as needed" without requiring explicit user permission for each file read.
## Actual Behavior
When a skill attempts to read its bundled files, Claude prompts the user for permission using the Read tool, treating bundled skill files the same as any other file in the filesystem.
## Reproduction Steps
- Install the official
skill-creatorskill fromanthropics/skills - Invoke the skill:
/skill-creator I need help creating a simple test skill. Can you show me the workflow patterns from your references? - Observe that Claude prompts for permission when attempting to read
/Users/[user]/.claude/skills/skill-creator/references/workflows.md
Same behavior occurs with any custom skill that references its bundled files.
## Structural Analysis
Both official Anthropic skills and custom skills use identical patterns:
Directory structure:
skill-name/
├── SKILL.md
├── references/
│ └── example.md
├── scripts/
│ └── example.py
└── assets/
└── template.md
Frontmatter (from official skill-creator):
```yaml
---
name: skill-creator
description: Guide for creating effective skills...
license: Complete terms in LICENSE.txt
---
No allowed-tools field is present in official Anthropic skills.
File references (from SKILL.md):
See references/workflows.md for sequential workflows
See references/output-patterns.md for template patterns
Impact
This behavior contradicts the documented progressive disclosure pattern and creates friction in the skill usage experience:
1. Breaks expected workflow - Users must grant permission for each bundled file, even though these files are part of the skill package they explicitly invoked
2. Security confusion - Users may wonder why permission is needed for files that should be inherently accessible to the skill
3. Documentation mismatch - Official examples show skills that would require permissions despite no allowed-tools declaration
Questions
1. Is this intended behavior? If so, the documentation should be updated to clarify that:
- Bundled files require the Read tool
- Skills should include allowed-tools: Read in frontmatter
- Official examples should demonstrate this pattern
2. Is this a bug? If bundled files should be automatically accessible, what mechanism should make them available without triggering permission prompts?
3. Should bundled files have a special permission context? Perhaps files within a skill's base directory should be implicitly accessible when that skill is active?
Environment
- Claude Code version: [latest as of 2025-12-29]
- Platform: macOS (Darwin 25.1.0)
- Skill location: ~/.claude/skills/
- Tested with: Both official skill-creator skill and custom user skills
Suggested Resolution
Either:
Option A: Update documentation to clarify that skills need allowed-tools: Read to access bundled files, and update all official examples to include this.
Option B: Implement automatic access to bundled files within a skill's base directory when that skill is active, without requiring Read tool permissions.
Option B seems more aligned with the documented progressive disclosure pattern and the stated goal of making bundled resources "automatically provided" when a skill is invoked.This issue has 13 comments on GitHub. Read the full discussion on GitHub ↗