Skills as Verifiable Artifacts: A Trust Schema and a Biconditional Correctness Criterion for Human-in-the-Loop Agent Runtimes

Alfredo Metere's new paper, 'Skills as Verifiable Artifacts' (arXiv:2605.00424), tackles a growing problem in AI agent deployments: skills—packaged instructions, scripts, and references that augment LLMs without retraining—have become first-class artifacts, yet runtimes have no robust way to trust them. Metere argues that a skill is inherently untrusted code until verified; current approaches that rely on signatures, clearance levels, or registries are insufficient. Without verification, human-in-the-loop (HITL) gates must fire on every irreversible action, which degrades into rubber-stamping at scale. The paper's core thesis: separate verification from runtime, and let HITL intervene only for what remains unverified.

The paper delivers a complete trust schema with explicit verification levels embedded in every skill manifest, a capability gate whose HITL policy is a function of that level, and a biconditional correctness criterion that any verification procedure must satisfy when tested on adversarial-ensemble exercises. Metere also provides ten normative guidelines abstracted from an open-source reference implementation (Enclawed, cited in the paper). The framework is harness- and model-agnostic—no retraining, fine-tuning, or proprietary infrastructure required. This makes it immediately applicable to any LLM-based agent runtime, offering a path to sustainable, scalable human oversight without drowning operators in alerts.