From 7868e37c369fc9dc6c4ee1131b356c3ee608dcc2 Mon Sep 17 00:00:00 2001
From: Dan Ballance <work@danballance.uk>
Date: Wed, 28 Jan 2026 00:22:44 +0000
Subject: [PATCH] Docs: Fix typo in docs/tools/skills.md

---
 docs/tools/skills.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/tools/skills.md b/docs/tools/skills.md
index b99bc5660..db23c5a16 100644
--- a/docs/tools/skills.md
+++ b/docs/tools/skills.md
@@ -66,7 +66,7 @@ that up as `<workspace>/skills` on the next session.
 
 ## Security notes
 
-- Treat third-party skills as **trusted code**. Read them before enabling.
+- Treat third-party skills as **untrusted code**. Read them before enabling.
 - Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing).
 - `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process
   for that agent turn (not the sandbox). Keep secrets out of prompts and logs.