> how are you handling the trust boundary for self-created skills?

At least in the Claude model, there's nothing a skill can do that the model couldn't already do? Isn't it still the same tool calls underneath, with the same permissions?
Think of skills as plugins providing AGENTS.md snippets and a subdirectory of executables, as if those were part of the workspace to begin with.