Skip to content

Safe Installation Workflow

Connor edited this page Jul 3, 2026 · 2 revisions

Safe Installation Workflow

Skill installation is a small supply-chain decision. The curator should make that decision visible and reversible.

Workflow

  1. Confirm the user needs a new skill.
  2. Prefer built-in and already-installed skills when they are sufficient.
  3. Search only when the task is high-value, repeated, latest/best, or missing local coverage.
  4. Confirm the candidate is actually an Agent Skill with SKILL.md.
  5. Score task fit, structure, documentation, maintenance, stars, license, and safety.
  6. Scan for prompt injection, secret access, destructive commands, opaque installers, and overbroad triggers.
  7. Present candidates with risks and unknowns.
  8. Install only after user approval.
  9. Install only the selected skill folder when possible.
  10. Read the installed SKILL.md before invoking it.
  11. Preserve backups when replacing an existing skill.
  12. Provide disable, quarantine, or removal guidance if the skill is noisy or unsafe.

Candidate Summary Template

Candidate: owner/repo/path
Task fit: High / Medium / Low
Tier: Strict / Relaxed / Exploratory / Reject
Why it matches:
Main risks:
Unknowns:
Install target: Codex / Claude Code / both
Recommended action:

Approval Boundary

User approval to inspect a candidate is not approval to install it. User approval to install a skill is not approval to run destructive commands, expose secrets, or ignore the user's original task.

After Install

After installation:

  • verify the copied files;
  • read the installed SKILL.md;
  • check the description for overbroad triggers;
  • run a small, task-relevant smoke test if practical;
  • explain how to invoke and disable the skill.

Clone this wiki locally