feat(skills): gate execution receipts with policy checks

src/cli/skills.test.ts

@@ -18,6 +18,7 @@ import {
   toSkillInstallerExecutionStubView,
   renderSkillInstallerExecutionStub,
   toSkillInstallerExecutionStubFromPreflight,
+  evaluateInstallerExecutionPolicy,
   runSkillInstallAction,
 } from './skills.js';
 import type { Skill } from '../skills/index.js';
@@ -279,6 +280,22 @@ describe('skills CLI helpers', () => {
     expect(view.wouldRun).toEqual(['download https://example.com/a.tgz -> /tmp/a.tgz']);
   });
 
+  it('marks install execution policy as confirmation_required when not confirmed', () => {
+    const policy = evaluateInstallerExecutionPolicy({ mode: 'install', confirmed: false });
+
+    expect(policy.confirmed).toBe(false);
+    expect(policy.execution_enabled).toBe(false);
+    expect(policy.reason).toBe('confirmation_required');
+  });
+
+  it('keeps execution policy disabled after confirmation', () => {
+    const policy = evaluateInstallerExecutionPolicy({ mode: 'install', confirmed: true });
+
+    expect(policy.confirmed).toBe(true);
+    expect(policy.execution_enabled).toBe(false);
+    expect(policy.reason).toBe('execution_disabled');
+  });
+
   it('summarizes refresh counts across status and tiers', () => {
     const summary = summarizeSkillsRefresh([
       buildSkill({ manifest: { name: 'a', description: 'a', version: '1.0.0', tier: 'bundled' } }),
@@ -413,7 +430,7 @@ describe('skills CLI helpers', () => {
     expect(payload.execution.mode).toBe('install');
     expect(payload.execution.execution_enabled).toBe(false);
     expect(payload.execution.executed).toEqual([]);
-    expect(payload.execution.reason).toBe('execution_disabled');
+    expect(payload.execution.reason).toBe('confirmation_required');
 
     logSpy.mockRestore();
     rmSync(root, { recursive: true, force: true });