Add files via upload

README.md

@@ -174,7 +174,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **Predefined roles** – System includes 12+ predefined security testing roles (Penetration Testing, CTF, Web App Scanning, API Security Testing, Binary Analysis, Cloud Security Audit, etc.) in the `roles/` directory.
 - **Custom prompts** – Each role can define a `user_prompt` that prepends to user messages, guiding the AI to adopt specialized testing methodologies and focus areas.
 - **Tool restrictions** – Roles can specify a `tools` list to limit available tools, ensuring focused testing workflows (e.g., CTF role restricts to CTF-specific utilities).
-- **Skills integration** – Roles can attach security testing skills that are automatically injected into system prompts.
+- **Skills integration** – Roles can attach security testing skills. Skill names are added to system prompts as hints, and AI agents can access skill content on-demand using the `read_skill` tool.
 - **Easy role creation** – Create custom roles by adding YAML files to the `roles/` directory. Each role defines `name`, `description`, `user_prompt`, `icon`, `tools`, `skills`, and `enabled` fields.
 - **Web UI integration** – Select roles from a dropdown in the chat interface. Role selection affects both AI behavior and available tool suggestions.
 
@@ -198,7 +198,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 
 ### Skills System
 - **Predefined skills** – System includes 20+ predefined security testing skills (SQL injection, XSS, API security, cloud security, container security, etc.) in the `skills/` directory.
-- **Automatic injection** – When a role is selected, all skills attached to that role are automatically loaded and injected into the system prompt, providing AI with specialized knowledge and methodologies.
+- **Skill hints in prompts** – When a role is selected, skill names attached to that role are added to the system prompt as recommendations. Skill content is not automatically injected; AI agents must use the `read_skill` tool to access skill details when needed.
 - **On-demand access** – AI agents can also access skills on-demand using built-in tools (`list_skills`, `read_skill`), allowing dynamic skill retrieval during task execution.
 - **Structured format** – Each skill is a directory containing a `SKILL.md` file with detailed testing methods, tool usage, best practices, and examples. Skills support YAML front matter for metadata.
 - **Custom skills** – Create custom skills by adding directories to the `skills/` directory. Each skill directory should contain a `SKILL.md` file with the skill content.

README_CN.md

@@ -173,7 +173,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **预设角色**：系统内置 12+ 个预设的安全测试角色（渗透测试、CTF、Web 应用扫描、API 安全测试、二进制分析、云安全审计等），位于 `roles/` 目录。
 - **自定义提示词**：每个角色可定义 `user_prompt`，会在用户消息前自动添加，引导 AI 采用特定的测试方法和关注重点。
 - **工具限制**：角色可指定 `tools` 列表，限制可用工具，实现聚焦的测试流程（如 CTF 角色限制为 CTF 专用工具）。
-- **Skills 集成**：角色可附加安全测试技能，选择角色时自动注入到系统提示词中。
+- **Skills 集成**：角色可附加安全测试技能。技能名称会作为提示添加到系统提示词中，AI 智能体可通过 `read_skill` 工具按需获取技能内容。
 - **轻松创建角色**：通过在 `roles/` 目录添加 YAML 文件即可创建自定义角色。每个角色定义 `name`、`description`、`user_prompt`、`icon`、`tools`、`skills`、`enabled` 字段。
 - **Web 界面集成**：在聊天界面通过下拉菜单选择角色。角色选择会影响 AI 行为和可用工具建议。
 
@@ -197,7 +197,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 
 ### Skills 技能系统
 - **预设技能**：系统内置 20+ 个预设的安全测试技能（SQL 注入、XSS、API 安全、云安全、容器安全等），位于 `skills/` 目录。
-- **自动注入**：当选择某个角色时，该角色附加的所有技能会自动加载并注入到系统提示词中，为 AI 提供专业知识和测试方法。
+- **提示词中的技能提示**：当选择某个角色时，该角色附加的技能名称会作为推荐添加到系统提示词中。技能内容不会自动注入，AI 智能体需要时需使用 `read_skill` 工具获取技能详情。
 - **按需调用**：AI 智能体也可以通过内置工具（`list_skills`、`read_skill`）按需访问技能，允许在执行任务过程中动态获取相关技能。
 - **结构化格式**：每个技能是一个目录，包含一个 `SKILL.md` 文件，详细描述测试方法、工具使用、最佳实践和示例。技能支持 YAML front matter 格式用于元数据。
 - **自定义技能**：通过在 `skills/` 目录添加目录即可创建自定义技能。每个技能目录应包含一个 `SKILL.md` 文件。