Papers / Governing Enterprise AI Skills

Governing Enterprise AI Skills

Risk, Reuse, and Control in Agentic AI

Jan Uyttenhove | May 2026 | Version 1.4

Download the full paper

PDF, 12 pages

Download PDF

Abstract

Enterprises are beginning to use AI assistants and agentic systems not only for isolated conversations, but also as reusable work environments. Employees can create prompts, workflows, helper scripts, data-processing routines, and small pieces of automation, then share them with colleagues as "skills". This looks like a natural productivity pattern. It is also the beginning of a new internal supply chain.

A skill is not just documentation. It can contain instructions, code, examples, assumptions, access patterns, and operational knowledge. When such a skill is reused inside an AI assistant or agentic platform, it can influence behavior at runtime. That creates a different risk model from traditional software, because large language models do not enforce a clean boundary between instructions and data.

The enterprise risk is therefore not limited to malicious skills. The larger risk is that informal personal automation becomes shared enterprise behavior without ownership, review, versioning, policy enforcement, or auditability. Skills should be governed as first-class software-like artifacts, but software governance alone is not enough. Enterprises need lifecycle control, prompt and context review, secret detection, code scanning, controlled distribution, runtime policy enforcement, and audit logging.

In this paper

  1. 01 Abstract
  2. 02 Introduction: when productivity becomes a control problem
  3. 03 What is an AI skill?
  4. 04 Why skills are different from traditional software
  5. 05 The risk model: from useful reuse to unmanaged supply chain
  6. 06 Why existing controls are not enough
  7. 07 Governance model: skills as governed enterprise artifacts
  8. 08 Reference architecture: controlled skill lifecycle and runtime enforcement
  9. 09 Practical adoption path
  10. 10 Conclusion
  11. 11 References
agentic AIgovernancerisk managemententerprise architecture

Read the full paper

12 pages covering risk model, governance framework, and reference architecture.

Download PDF

Questions or feedback? Reach out to Jan Uyttenhove on LinkedIn or via jan@insidin.com.