Python: [Bug]: FileAgentSkillsProvider mis-detects resource paths and excludes valid skills

[claude89757]

Description

FileAgentSkillsProvider currently extracts resource paths from the full SKILL body using a broad regex, then hard-fails the entire skill when any extracted "resource" does not exist.

This creates false positives and makes valid skills unavailable.

What happens:

1. Content inside fenced code blocks is scanned and matched as resource paths.
2. Backtick matching is too permissive (tokens like tcp.seq_raw are treated as file paths).
3. If any extracted path does not exist, the whole skill is excluded.

What I expected:

• Ignore fenced code blocks when extracting resource paths.
• For backtick paths, only treat as resource path when it looks like a path (at least contains /).
• Missing resources should be non-fatal (warning), so the skill can still load; keep hard-fail for traversal/symlink security checks.

Steps to reproduce:

1. Create a skill folder with a valid SKILL.md frontmatter (name, description).
2. In the body, include a fenced code block containing dcx.json or protocol-like tokens such as tcp.seq_raw.
3. Instantiate FileAgentSkillsProvider(skill_paths=...).
4. Observe that skill loading excludes this skill because non-existent "resources" were extracted from markdown content that should not be treated as resource links.

Code Sample

from pathlib import Path
from tempfile import TemporaryDirectory

from agent_framework import FileAgentSkillsProvider

with TemporaryDirectory() as d:
    root = Path(d)
    skill_dir = root / "packet-inspector"
    skill_dir.mkdir(parents=True, exist_ok=True)

    (skill_dir / "SKILL.md").write_text(
        """---
name: packet-inspector
description: Analyze packet captures.
---
Use this field: `tcp.seq_raw`

```json
{ "example": "dcx.json" }

See reference.
""",
encoding="utf-8",
)

(skill_dir / "refs").mkdir(exist_ok=True)
(skill_dir / "refs" / "guide.md").write_text("ok", encoding="utf-8")

provider = FileAgentSkillsProvider(str(root))
# expected: skill is loaded
# actual: skill may be excluded due to false-positive resource extraction

### Error Messages / Stack Traces
Typical warning observed during load:

```text
Excluding skill '<skill-name>': referenced resource '<token>' does not exist

Package Versions

agent-framework-core: latest main (reproduced from current repository implementation)

Python Version

Python 3.11+

Additional Context

Current implementation points (Python):

• python/packages/core/agent_framework/_skills.py
  • _extract_resource_paths() scans entire body with _RESOURCE_LINK_RE
  • _validate_resources() returns False on first missing resource

Suggested fix direction:

• Strip fenced code blocks before resource extraction.
• Tighten backtick path detection (require / in backtick candidate).
• Treat missing resources as warning-only (do not exclude skill), while keeping path-traversal/symlink violations as exclusion conditions.

[claude89757]

Thanks! I noticed this appears related to #4369 and the ongoing fix work in #4387.

One additional scenario to explicitly cover: false-positive resource extraction from fenced code blocks.

Example pattern in SKILL.md body:

```json
{ "example": "dcx.json" }

Today, path-like tokens inside fenced code can be matched as resources, and if any such token does not exist on disk, the whole skill can be excluded.

Suggested behavior:
- Ignore fenced code blocks when extracting resource paths.
- Keep security hard-fail for path traversal/symlink checks.
- Prefer non-fatal handling for non-existent optional references (warning instead of excluding the entire skill).

If #4387 already addresses this code-fence case, please confirm; if not, could we track it as part of the same fix scope?