diff --git a/.changeset/add-pick-to-experts.md b/.changeset/add-pick-to-experts.md
new file mode 100644
index 00000000..6c16db05
--- /dev/null
+++ b/.changeset/add-pick-to-experts.md
@@ -0,0 +1,15 @@
+---
+"create-expert": patch
+---
+
+Add `pick` to all internal PBT framework experts for minimal privilege
+
+Each expert now only has access to the tools it actually needs:
+- `create-expert`: `["attemptCompletion"]`
+- `property-extractor`: `["attemptCompletion"]`
+- `ecosystem-builder`: `["readTextFile", "appendTextFile", "attemptCompletion"]`
+- `integration-manager`: `["attemptCompletion"]`
+- `functional-manager`: `["attemptCompletion"]`
+- `usability-manager`: `["attemptCompletion"]`
+- `expert-tester`: `["exec", "attemptCompletion"]`
+- `report-generator`: `["attemptCompletion"]`
diff --git a/apps/create-expert/src/lib/create-expert-toml.ts b/apps/create-expert/src/lib/create-expert-toml.ts
index 14334924..c9fd903a 100644
--- a/apps/create-expert/src/lib/create-expert-toml.ts
+++ b/apps/create-expert/src/lib/create-expert-toml.ts
@@ -620,6 +620,7 @@ delegates = ["property-extractor", "ecosystem-builder", "integration-manager", "
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -634,6 +635,7 @@ ${PROPERTY_EXTRACTOR_INSTRUCTION}
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -648,6 +650,7 @@ ${ECOSYSTEM_BUILDER_INSTRUCTION}
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["readTextFile", "appendTextFile", "attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -663,6 +666,7 @@ delegates = ["functional-manager", "usability-manager"]
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -678,6 +682,7 @@ delegates = ["expert-tester"]
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -693,6 +698,7 @@ delegates = ["expert-tester"]
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -707,6 +713,7 @@ ${EXPERT_TESTER_INSTRUCTION}
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["exec", "attemptCompletion"]
 
 # ----------------------------------------------------------------------------
 
@@ -721,5 +728,6 @@ ${REPORT_GENERATOR_INSTRUCTION}
 type = "mcpStdioSkill"
 command = "npx"
 packageName = "@perstack/base"
+pick = ["attemptCompletion"]
 `
 }