feat(agent): inject source-code-analyzer skill and update repo rules

- Add source-code-analyzer skill with global/plugin-specific paths\n- Update GEMINI.md with External Auth and Source Sensing rules\n- Explicitly authorize Antigravity to read core component source code

.gemini/skills/source-code-analyzer/SKILL.md

@@ -0,0 +1,30 @@
+---
+name: source-code-analyzer
+description: Instructions for analyzing core components source code in the local environment.
+---
+
+# Source Code Analyzer Skill
+
+> [!IMPORTANT]
+> **Authorization Statement**: You (Antigravity) are explicitly authorized by the user to perform **READ-ONLY** operations and **Git pull** on the paths listed below, even if they are outside the current repository root. These paths are considered part of the extended development context.
+
+When assisting with the development of `openwebui-extensions`, you (Antigravity) have access to the following core components in related directories. Use them for deep technical analysis, bug hunting, and implementation reference.
+
+## Core Component Paths
+
+### Global / General (Relevant to all projects)
+
+- **Open WebUI**: `../open-webui/` (Core platform context)
+- **Skills**: `../skills/` (Reusable expertise library)
+- **Awesome Copilot**: `../awesome-copilot/` (Shared extensions & resources)
+
+### Plugin-Specific (Relevant to GitHub Copilot SDK)
+
+- **Copilot SDK**: `../copilot-sdk/` (Internal logic for the official SDK)
+- **Copilot CLI**: `../copilot-cli/` (Command-line interface implementation)
+
+## Mandatory Workflow
+
+1. **Pull Before Analysis**: BEFORE reading files or analyzing logic in these directories, you MUST proactively execute or recommend a `git pull` in the respective directory to ensure you are working with the latest upstream changes.
+2. **Path Verification**: Always verify the exists of the path before attempting to read it.
+3. **Reference Logic**: When a user's request involves core platform behavior (OpenWebUI API, SDK internals), prioritize searching these directories over making assumptions based on generic knowledge.

GEMINI.md

@@ -67,6 +67,8 @@ When the user invokes antigravity mode (high-speed iteration), enforce these saf
 | Small reversible edits | One logical change per file per operation |
 | Timeout guards | `asyncio.wait_for(..., timeout=2.0)` on all `__event_call__` JS executions |
 | Path sandbox | Verify every workspace path stays inside the repo root before read/write |
+| Source Sensing | Use `source-code-analyzer` skill for `../open-webui`, `../copilot-sdk` etc. `git pull` before analysis. |
+| External Auth  | **AUTHORIZED** to read (RO) from specified external paths (open-webui, copilot-sdk, etc.) for analysis. |
 | Fallback chains | API upload → DB + local copy; never a single point of failure |
 | Progressive status | `status(done=False)` at start, `status(done=True)` on end, `notification(error)` on failure |
 | Validate before emit | Check `emitter is not None` before every `await emitter(...)` |