Problem

The .skill archive upload/install path validates archive shape/frontmatter, but does not appear to run the same skill content security scanning used by agent-managed skill creation. Installed skill content is then loaded into agent prompts and can influence behavior.

Impact

A crafted skill archive can bypass the safety checks expected for custom skill content and become active prompt/tooling context after installation.

Suggested Fix

Apply the same scan_skill_content policy to SKILL.md and relevant support files during archive installation. Consider defaulting new custom skills to disabled/pending approval until an admin enables them.

Tests

• A .skill archive containing content that the scanner rejects should fail installation.
• A valid .skill archive should still install.
• Installed skills should preserve expected enabled/disabled approval state.

References

• backend/app/gateway/routers/skills.py:119
• backend/packages/harness/deerflow/skills/installer.py:161
• backend/packages/harness/deerflow/tools/skill_manage_tool.py:109
• backend/packages/harness/deerflow/subagents/executor.py:229