Great breakdown. The part I keep seeing in enterprise pilots is exactly what you called out: teams optimize capabilities first, then scramble on governance. Treating skills as executable instructions with a strict sandbox/evidence loop is the practical fix.
This was one of the better writeups I’ve seen because you separated “malicious install chain” from “instruction-layer hijack.” Most people treat those as the same threat, but they need different controls.
What stood out to me most was your point about skills becoming malicious later (remote fetch + post-install drift). That’s the part teams underestimate.
One thing I’ve started doing is a lightweight “pre-flight + post-update diff” check before enabling any new skill in a production workflow. It’s not perfect, but it catches obvious behavior drift early and keeps the blast radius smaller.
real appreciate that! the “rug pull” really is a threat, and it usually targets smaller orgs that don’t have the knowledge / capability to do hashing and pinning.
awesome working here with you Josh! love the way this lands.
feel free to anyone in the comments section to ask follow up questions!
likewise! yes, everyone ask away.
Glad to see evaluating a skill is so easy now!
Even more glad to see ToxSec here!
haha! hello hello! 😁
Great breakdown. The part I keep seeing in enterprise pilots is exactly what you called out: teams optimize capabilities first, then scramble on governance. Treating skills as executable instructions with a strict sandbox/evidence loop is the practical fix.
that’s right. that’s the exact pattern i’m seeing too.
This was one of the better writeups I’ve seen because you separated “malicious install chain” from “instruction-layer hijack.” Most people treat those as the same threat, but they need different controls.
What stood out to me most was your point about skills becoming malicious later (remote fetch + post-install drift). That’s the part teams underestimate.
One thing I’ve started doing is a lightweight “pre-flight + post-update diff” check before enabling any new skill in a production workflow. It’s not perfect, but it catches obvious behavior drift early and keeps the blast radius smaller.
real appreciate that! the “rug pull” really is a threat, and it usually targets smaller orgs that don’t have the knowledge / capability to do hashing and pinning.
the preflight check is a great idea :)
I need to make money can you assist