Skills control what your agent does on your behalf
Skills are markdown files that get injected into your agent’s prompt. They tell the agent how to behave, what commands to run, what patterns to follow. A malicious or poorly written skill can make your agent run harmful commands without you realising.
Before installing any skill:
- Read the markdown files. All of them. See if they make sense
- Check who wrote them and whether you trust the source
- Understand what the skill tells the agent to do — what commands, what permissions, what access
- Test it without skipping permissions. If a tool’s first recommendation is
--dangerously-skip-permissions, that’s a red flag, not a featureYour machine has access to credentials, dotfiles, SSH keys, and other projects. A rogue skill doesn’t just affect one project — it affects everything the agent can reach.