[BUG] skills-init is using root user to clone

### 📋 Prerequisites

- [x] I have searched the [existing issues](./issues) to avoid creating a duplicate
- [x] By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/kagent-dev/kagent/blob/main/CODE_OF_CONDUCT.md)
- [x] I am using the latest version of the software
- [x] I have tried to clear cache/cookies or used incognito mode (if ui-related)
- [x] I can consistently reproduce this issue

### 🎯 Affected Service(s)

App Service

### 🚦 Impact/Severity

No impact (Default)

### 🐛 Bug Description

When an agent uses git skill sources, the `skills-init` container runs with `root` user, so the skill is not readable from the main container, that runs with the `python` user:

```
bash-5.3$ ls -la /skills/kebab-maker/
ls: can't open '/skills/kebab-maker/': Permission denied
total 0
bash-5.3$ ls -la /skills
total 12
drwxrwxrwx    3 root     root          4096 Apr 27 11:30 .
drwxr-xr-x    1 root     root          4096 Apr 27 11:30 ..
drwx------    3 root     root          4096 Apr 27 11:30 kebab-maker
bash-5.3$ whoami
python
```

### 🔄 Steps To Reproduce

run.sh: [workshop.zip](https://github.com/user-attachments/files/27124189/workshop.zip)

### 🤔 Expected Behavior

_No response_

### 📱 Actual Behavior

_No response_

### 💻 Environment

0.3.17-nightly-2026-04-26-dd552ef4

### 🔧 CLI Bug Report

_No response_

### 🔍 Additional Context

[doc-debug-report-20260427061558.zip](https://github.com/user-attachments/files/27124248/doc-debug-report-20260427061558.zip)

### 📋 Logs

```shell
Cloning http://gitea-http.gitea:3180/gitops/skills-repo.git (ref main) into /skills/kebab-maker
Cloning into '/skills/kebab-maker'...


2026-04-27 06:15:22,081 - a2a.server.apps.jsonrpc.jsonrpc_app - ERROR - Unhandled exception
Traceback (most recent call last):
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/apps/jsonrpc/jsonrpc_app.py", line 370, in _handle_requests
    return await self._process_non_streaming_request(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        request_id, a2a_request, call_context
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/apps/jsonrpc/jsonrpc_app.py", line 450, in _process_non_streaming_request
    handler_result = await self.handler.on_message_send(
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        request_obj, context
        ^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/utils/telemetry.py", line 228, in async_wrapper
    result = await func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/request_handlers/jsonrpc_handler.py", line 107, in on_message_send
    task_or_message = await self.request_handler.on_message_send(
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        request.params, context
        ^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/utils/telemetry.py", line 228, in async_wrapper
    result = await func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/request_handlers/default_request_handler.py", line 343, in on_message_send
    await self._cleanup_producer(producer_task, task_id)
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/utils/telemetry.py", line 228, in async_wrapper
    result = await func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/request_handlers/default_request_handler.py", line 440, in _cleanup_producer
    await producer_task
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/utils/telemetry.py", line 228, in async_wrapper
    result = await func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/.venv/lib/python3.13/site-packages/a2a/server/request_handlers/default_request_handler.py", line 196, in _run_event_stream
    await self.agent_executor.execute(request, queue)
  File "/.kagent/packages/kagent-adk/src/kagent/adk/_agent_executor.py", line 174, in execute
    await self._execute_impl(context, event_queue)
  File "/.kagent/packages/kagent-adk/src/kagent/adk/_agent_executor.py", line 243, in _execute_impl
    runner = await self._resolve_runner()
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/packages/kagent-adk/src/kagent/adk/_agent_executor.py", line 137, in _resolve_runner
    result = self._runner()
  File "/.kagent/packages/kagent-adk/src/kagent/adk/_a2a.py", line 112, in create_runner
    root_agent = self.root_agent_factory()
  File "/.kagent/packages/kagent-adk/src/kagent/adk/cli.py", line 84, in root_agent_factory
    maybe_add_skills_with_config(root_agent, agent_config)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/packages/kagent-adk/src/kagent/adk/cli.py", line 50, in maybe_add_skills_with_config
    add_skills_tool_to_agent(skills_directory, root_agent)
    ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.kagent/packages/kagent-adk/src/kagent/adk/tools/skills_plugin.py", line 34, in add_skills_tool_to_agent
    agent.tools.append(SkillsTool(skills_directory))
                       ~~~~~~~~~~^^^^^^^^^^^^^^^^^^
  File "/.kagent/packages/kagent-adk/src/kagent/adk/tools/skill_tool.py", line 35, in __init__
    description = self._generate_description_with_skills()
  File "/.kagent/packages/kagent-adk/src/kagent/adk/tools/skill_tool.py", line 44, in _generate_description_with_skills
    skills = discover_skills(self.skills_directory)
  File "/.kagent/packages/kagent-skills/src/kagent/skills/discovery.py", line 50, in discover_skills
    if not skill_file.exists():
           ~~~~~~~~~~~~~~~~~^^
  File "/python/cpython-3.13.13-linux-x86_64-gnu/lib/python3.13/pathlib/_abc.py", line 450, in exists
    self.stat(follow_symlinks=follow_symlinks)
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/python/cpython-3.13.13-linux-x86_64-gnu/lib/python3.13/pathlib/_local.py", line 515, in stat
    return os.stat(self, follow_symlinks=follow_symlinks)
           ~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/skills/-maker/kebabSKILL.md'
2026-04-27 06:15:22,084 - a2a.server.apps.jsonrpc.jsonrpc_app - ERROR - Request Error (ID: 712f3ac5-40f8-4704-950e-74bb02d7048f): Code=-32603, Message='[Errno 13] Permission denied: '/skills/kebab-maker/SKILL.md''
INFO:     127.0.0.1:38096 - "POST / HTTP/1.1" 200 OK
```

### 📷 Screenshots

_No response_

### 🙋 Are you willing to contribute?

- [x] I am willing to submit a PR to fix this issue

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] skills-init is using root user to clone #1761

📋 Prerequisites

🎯 Affected Service(s)

🚦 Impact/Severity

🐛 Bug Description

🔄 Steps To Reproduce

🤔 Expected Behavior

📱 Actual Behavior

💻 Environment

🔧 CLI Bug Report

🔍 Additional Context

📋 Logs

📷 Screenshots

🙋 Are you willing to contribute?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] skills-init is using root user to clone #1761

Description

📋 Prerequisites

🎯 Affected Service(s)

🚦 Impact/Severity

🐛 Bug Description

🔄 Steps To Reproduce

🤔 Expected Behavior

📱 Actual Behavior

💻 Environment

🔧 CLI Bug Report

🔍 Additional Context

📋 Logs

📷 Screenshots

🙋 Are you willing to contribute?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions