Winget Package Manager Skill
Overview
This is a prompt-only Windows package management skill built around winget.
It does not provide its own executable wrapper scripts.
Instead, it defines a safe workflow, decision rules, and behavior constraints for agents that already have access to a terminal, shell, or command-execution capability in the host environment.
The goal of this skill is to help an agent use winget safely and consistently on Windows without turning package management into arbitrary shell execution.
Host capability requirement
This skill assumes the host environment already provides a way to run Windows commands.
Examples of suitable host capabilities include:
- A terminal tool
- A shell execution tool
- A controlled local command runner
- An MCP/server/tool that can execute `winget`
If the host cannot execute commands, this skill can still provide workflow guidance, but it cannot directly perform package operations.
When to use this skill
Use this skill when the user wants to:
- Search for an application available through WinGet
- Inspect package details before taking action
- Download an installer package without installing it
- Install an application
- Upgrade an application
- Uninstall an application
- List applications that have available upgrades
When NOT to use this skill
Do not use this skill for:
- Running arbitrary PowerShell or shell commands
- Editing files, registry keys, services, or scheduled tasks
- Downloading files from custom URLs
- Executing local `.exe`, `.bat`, `.cmd`, or `.ps1` files outside the host's trusted execution model
- Installing software from sources other than approved WinGet sources
- Performing destructive actions when package identity is ambiguous
Supported operations
This skill supports exactly 7 operations:
- `search`
- `show`
- `download`
- `install`
- `upgrade`
- `uninstall`
- `list-upgrades`
Do not expand the scope beyond these operations unless the skill is explicitly redesigned.
Safety rules
1. Only use the 7 supported operations:
   - `search`
   - `show`
   - `download`
   - `install`
   - `upgrade`
   - `uninstall`
   - `list-upgrades`
2. Prefer exact package IDs over fuzzy names whenever possible. Examples:
   - `Microsoft.VisualStudioCode`
   - `Google.Chrome`
   - `Git.Git`
3. For `install`, `upgrade`, and `uninstall`:
   - If the package identity is ambiguous, do not execute immediately.
   - Run `search` or `show` first.
   - Return all matching candidates and ask the user to choose.
4. Only allow approved sources:
   - `winget`
   - `msstore`
5. Do not invent or append unsupported WinGet arguments.
6. Do not transform this skill into a generic PowerShell executor or shell tool.
7. Treat `uninstall` as high-risk:
   - Always prefer an exact package ID.
   - If identity is unclear, stop and disambiguate before acting.
8. Never automatically retry `install`, `upgrade`, or `uninstall` after failure. Report the failure and let the user decide what to do next. Repeated retries may trigger repeated elevation prompts or vendor installer/uninstaller dialogs.
9. Disambiguation is mandatory: when multiple packages match a request, list all relevant candidates and ask which one should be used. Never silently operate on all matches.
10. For `uninstall`, do not rely only on a success-looking message from the package manager. If the host environment allows it, perform a post-check to verify whether the package still appears to be installed.
Allowed operations and risk levels
| Action | Description | Risk Level |
|---|---|---|
| `search` | Search for packages | Low |
| `show` | View package details | Low |
| `download` | Download installer only | Medium |
| `install` | Install a package | Medium |
| `upgrade` | Upgrade a package | Medium |
| `uninstall` | Uninstall a package | High |
| `list-upgrades` | List updatable packages | Low |
Core workflow
The agent should follow this workflow:
1. Search or identify the package
When the user provides a fuzzy name such as:
- "install chrome"
- "upgrade vscode"
- "remove git"
the agent should first identify the correct package through winget search or equivalent host capability.
2. Inspect details when needed
If identity is uncertain, or the action is medium/high risk, inspect the package before acting.
Use show when helpful to confirm:
- package ID
- package name
- source
- version or metadata
3. Require precision for risky actions
For these actions:
- `install`
- `upgrade`
- `download`
- `uninstall`
the agent should prefer a precise package ID and avoid acting on vague names.
4. Execute the package operation
Only after the package is sufficiently identified should the agent execute the requested operation through the host's command capability.
5. Summarize the result clearly
Return a concise, structured result that includes:
- action
- package identity
- source
- whether the command appears successful
- any important stdout/stderr details
- whether follow-up verification is recommended
6. Verify uninstall results when possible
If the action is uninstall, and the host allows further checks, verify the result afterward.
A vendor uninstaller may show its own dialog and may not always report cancellation in a reliable way.
Recommended command patterns
The exact execution mechanism depends on the host environment.
However, the agent should generally use patterns like the following.
Search
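```powershell
winget search "Visual Studio Code"
```
Show package details
```powershell
winget show --id Microsoft.VisualStudioCode --exact
```
Download installer only
```powershell
winget download --id Google.Chrome --source winget --download-directory "$env:USERPROFILE\Downloads" --exact
```
Install
```powershell
winget install --id Microsoft.VisualStudioCode --source winget --exact --accept-package-agreements --accept-source-agreements
```
Upgrade
```powershell
winget upgrade --id Git.Git --source winget --exact --accept-package-agreements --accept-source-agreements
```
Uninstall
```powershell
winget uninstall --id 7zip.7zip --source winget --exact
```
List upgradeable packages
```powershell
winget upgrade
```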
Output guidance
Because this is a prompt-only skill, the exact output format depends on the host tool.
When the host environment supports structured output, prefer a consistent JSON-like structure such as:
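```json
{
  "success": true,
  "action": "search",
  "query": "Visual Studio Code",
  "source": "winget",
  "candidates": [
    {
      "name": "Microsoft Visual Studio Code",
      "id": "Microsoft.VisualStudioCode",
      "version": "1.96.0"
    }
  ],
  "stdout": "...",
  "stderr": "",
  "exit_code": 0,
  "summary": "已完成对 Visual Studio Code 的搜索。"
}
```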
If the host does not support structured tool output, the agent should still present results using a stable and consistent schema in its response.
Behavioral requirements for ambiguous matches
If the user asks something like:
- "install DevToys"
- "uninstall DevToy"
- "upgrade Python"
and multiple packages match, the agent must:
1. List the candidates
2. Explain that the request is ambiguous
3. Ask which package should be used
4. Avoid executing `install`, `upgrade`, or `uninstall` until the user clarifies
Example ambiguity handling:
- `DevToys.DevToys`
- `DevToys.DevToys.Preview`
Do not operate on both unless the user explicitly asks for both.
Error handling guidance
The agent should handle and clearly report situations such as:
- `winget` is not installed
- `winget` is not available in PATH
- package not found
- source not allowed
- network failures
- permission or elevation issues
- ambiguous package matches
- download path issues
- uninstall command finishes, but the app may still be installed
When a failure occurs, report it clearly and do not automatically retry high-risk operations.
Security constraints
- No arbitrary command execution
- No unapproved package sources
- No free-form parameter passthrough
- No silent expansion into a generic shell skill
- No destructive action without package disambiguation
- No blind trust in uninstall success messages
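One way a local wrapper could enforce the "no free-form parameter passthrough" and "no unapproved package sources" constraints, shown as an added example that is not part of this skill. The function name `New-WingetArgumentList` and the two validation patterns are assumptions; the function only builds an argument array from validated fields and never runs `winget` itself.

```powershell
# Added example; New-WingetArgumentList and both patterns are assumptions.
function New-WingetArgumentList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('search', 'show', 'download', 'install', 'upgrade',
                     'uninstall', 'list-upgrades')]
        [string]$Action,
        [string]$Id,      # exact package ID, required except for search/list-upgrades
        [string]$Query,   # fuzzy name, accepted for search only
        [ValidateSet('winget', 'msstore')]
        [string]$Source = 'winget'
    )
    # First character must be alphanumeric so a value can never parse as an option.
    $idPattern    = '^[A-Za-z0-9][A-Za-z0-9.+_-]{0,127}$'
    $queryPattern = '^[A-Za-z0-9][A-Za-z0-9 .+_-]{0,63}$'

    if ($Action -eq 'list-upgrades') { return @('upgrade') }
    if ($Action -eq 'search') {
        if ($Query -notmatch $queryPattern) { throw "Rejected query: '$Query'" }
        return @('search', '--query', $Query, '--source', $Source)
    }

    if ($Id -notmatch $idPattern) { throw "Rejected package ID: '$Id'" }
    $argList = @($Action, '--id', $Id, '--source', $Source, '--exact')
    if ($Action -in @('install', 'upgrade')) {
        $argList += '--accept-package-agreements', '--accept-source-agreements'
    }
    if ($Action -eq 'download') {
        $argList += '--download-directory', (Join-Path $env:USERPROFILE 'Downloads')
    }
    return $argList
}

# Constructed requests: the first is valid, the rest must be refused.
$wingetArgs = @(New-WingetArgumentList -Action uninstall -Id '7zip.7zip')
"would run: winget $($wingetArgs -join ' ')"   # a host would call: & winget @wingetArgs

$rejected = @(
    @{ Action = 'uninstall'; Id = '7zip.7zip --force' }            # smuggled argument
    @{ Action = 'install';   Id = '--manifest' }                    # option in ID position
    @{ Action = 'uninstall'; Id = 'Dev Toys' }                      # fuzzy name, not an ID
    @{ Action = 'install';   Id = 'Git.Git'; Source = 'contoso' }   # unapproved source
)
foreach ($request in $rejected) {
    try   { $null = New-WingetArgumentList @request; "ACCEPTED $($request.Id)" }
    catch { "refused  $($request.Id): $($_.Exception.Message)" }
}
```

Because the result is passed to `winget` as an array rather than as a concatenated string, the validated values reach the process as discrete arguments and are never re-parsed by the shell.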
Requirements
- Windows 10 1809+ or Windows 11
- `winget` 1.6+ recommended
  - `winget` 1.6+ is especially useful for `download`
  - older versions may still support some other operations
Notes for maintainers
This skill is intentionally designed as a prompt-only / policy-only skill so it can be distributed in environments where script files may not be accepted.
A richer local version may additionally provide:
- PowerShell wrappers
- JSON normalization
- post-check verification
- source validation
- logging and audit trails
Those implementation assets are useful, but they are outside the scope of this prompt-only distribution.
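Winget Package Manager Skill
Overview
This is a prompt-only Windows package management skill built around winget.
It does not provide its own executable wrapper scripts.
Instead, it defines a safe workflow, decision rules, and behavior constraints for agents that already have access to a terminal, shell, or command-execution capability in the host environment.
The goal of this skill is to help an agent use winget safely and consistently on Windows while avoiding turning package management into arbitrary shell execution.
Host capability requirement
This skill assumes the host environment already provides a way to run Windows commands.
Examples of suitable host capabilities include:
- A terminal tool
- A shell execution tool
- A controlled local command runner
- An MCP/server/tool that can execute `winget`
If the host cannot execute commands, this skill can still provide workflow guidance, but it cannot directly perform package operations.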
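When to use this skill
Use this skill when the user wants to:
- Search for an application available through WinGet
- Inspect package details before taking action
- Download an installer package without installing it
- Install an application
- Upgrade an application
- Uninstall an application
- List applications that have available upgrades
When NOT to use this skill
Do not use this skill for:
- Running arbitrary PowerShell or shell commands
- Editing files, registry keys, services, or scheduled tasks
- Downloading files from custom URLs
- Executing local `.exe`, `.bat`, `.cmd`, or `.ps1` files outside the host's trusted execution model
- Installing software from sources other than approved WinGet sources
- Performing destructive actions when package identity is ambiguous
Supported operations
This skill supports exactly 7 operations:
- `search`
- `show`
- `download`
- `install`
- `upgrade`
- `uninstall`
- `list-upgrades`
Do not expand the scope beyond these operations unless the skill is explicitly redesigned.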
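Safety rules
1. Only use the 7 supported operations:
   - `search`
   - `show`
   - `download`
   - `install`
   - `upgrade`
   - `uninstall`
   - `list-upgrades`
2. Prefer exact package IDs over fuzzy names whenever possible. Examples:
   - `Microsoft.VisualStudioCode`
   - `Google.Chrome`
   - `Git.Git`
3. For `install`, `upgrade`, and `uninstall`:
   - If the package identity is ambiguous, do not execute immediately.
   - Run `search` or `show` first.
   - Return all matching candidates and ask the user to choose.
4. Only allow approved sources:
   - `winget`
   - `msstore`
5. Do not invent or append unsupported WinGet arguments.
6. Do not transform this skill into a generic PowerShell executor or shell tool.
7. Treat `uninstall` as a high-risk operation:
   - Always prefer an exact package ID.
   - If identity is unclear, stop and disambiguate before acting.
8. Never automatically retry `install`, `upgrade`, or `uninstall` after failure. Report the failure and let the user decide what to do next. Repeated retries may trigger repeated elevation prompts or vendor installer/uninstaller dialogs.
9. Disambiguation is mandatory: when multiple packages match a request, list all relevant candidates and ask which one should be used. Never silently operate on all matches.
10. For `uninstall`, do not rely only on the success message shown by the package manager. If the host environment allows it, perform a post-check to verify whether the package still appears to be installed.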
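Allowed operations and risk levels
| Action | Description | Risk Level |
|---|---|---|
| `search` | Search for packages | Low |
| `show` | View package details | Low |
| `download` | Download installer only | Medium |
| `install` | Install a package | Medium |
| `upgrade` | Upgrade a package | Medium |
| `uninstall` | Uninstall a package | High |
| `list-upgrades` | List updatable packages | Low |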
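Core workflow
The agent should follow this workflow:
1. Search or identify the package
When the user provides a fuzzy name such as:
- "install chrome"
- "upgrade vscode"
- "remove git"
the agent should first identify the correct package through winget search or an equivalent host capability.
2. Inspect details when needed
If identity is uncertain, or the action is medium/high risk, inspect the package before acting.
Use `show` when helpful to confirm:
- package ID
- package name
- source
- version or metadata
3. Require precision for risky actions
For these actions:
- `install`
- `upgrade`
- `download`
- `uninstall`
the agent should prefer a precise package ID and avoid acting on vague names.
4. Execute the package operation
Only after the package is sufficiently identified should the agent execute the requested operation through the host's command capability.
5. Summarize the result clearly
Return a concise, structured result that includes:
- action
- package identity
- source
- whether the command appears successful
- any important stdout/stderr details
- whether follow-up verification is recommended
6. Verify uninstall results when possible
If the action is `uninstall`, and the host allows further checks, verify the result afterward.
A vendor uninstaller may show its own dialog and may not always report cancellation in a reliable way.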
Recommended command patterns
The exact execution mechanism depends on the host environment.
However, the agent should generally use patterns like the following.
Search
```powershell
winget search "Visual Studio Code"
```
Show package details
```powershell
winget show --id Microsoft.VisualStudioCode --exact
```
Download installer only
```powershell
winget download --id Google.Chrome --source winget --download-directory "$env:USERPROFILE\Downloads" --exact
```
Install
```powershell
winget install --id Microsoft.VisualStudioCode --source winget --exact --accept-package-agreements --accept-source-agreements
```
Upgrade
```powershell
winget upgrade --id Git.Git --source winget --exact --accept-package-agreements --accept-source-agreements
```
Uninstall
```powershell
winget uninstall --id 7zip.7zip --source winget --exact
```
List upgradeable packages
```powershell
winget upgrade
```
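Output guidance
Because this is a prompt-only skill, the exact output format depends on the host tool.
When the host environment supports structured output, prefer a consistent JSON-like structure such as:
```json
{
  "success": true,
  "action": "search",
  "query": "Visual Studio Code",
  "source": "winget",
  "candidates": [
    {
      "name": "Microsoft Visual Studio Code",
      "id": "Microsoft.VisualStudioCode",
      "version": "1.96.0"
    }
  ],
  "stdout": "...",
  "stderr": "",
  "exit_code": 0,
  "summary": "已完成对 Visual Studio Code 的搜索。"
}
```
If the host does not support structured tool output, the agent should still present results using a stable and consistent schema in its response.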
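Behavioral requirements for ambiguous matches
If the user asks something like:
- "install DevToys"
- "uninstall DevToy"
- "upgrade Python"
and multiple packages match, the agent must:
1. List the candidates
2. Explain that the request is ambiguous
3. Ask which package should be used
4. Avoid executing `install`, `upgrade`, or `uninstall` until the user clarifies
Example ambiguity handling:
- `DevToys.DevToys`
- `DevToys.DevToys.Preview`
Do not operate on both unless the user explicitly asks for both.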
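Error handling guidance
The agent should handle and clearly report situations such as:
- `winget` is not installed
- `winget` is not in PATH
- package not found
- source not allowed
- network failures
- permission or elevation issues
- ambiguous package matches
- download path issues
- uninstall command finishes, but the app may still be installed
When a failure occurs, report it clearly and do not automatically retry high-risk operations.
Security constraints
- No arbitrary command execution
- No unapproved package sources
- No free-form parameter passthrough
- No silent expansion into a generic shell skill
- No destructive action without package disambiguation
- No blind trust in uninstall success messages
Requirements
- Windows 10 1809+ or Windows 11
- `winget` 1.6+ recommended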