Reference Guide

Cowork Common Mistakes

Eight mistakes that show up in nearly every new Cowork user's first month — and the fix for each, before you make them.

Best for: Mount narrowly — one project folder at a time. Set narrow defaults in user preferences so every session starts scoped.

Symptom: the agent surfaces files you didn't expect — old tax PDFs, archived chats, env files
Symptom: the folder approval dialog showed a path higher up the tree than the project you actually opened
Fix: revoke the broad mount in Settings → Folder access, re-approve the narrow folder you actually need
Prevention: set Default mounts in user preferences to the two or three folders you use most

Limitations: Scope creep is the most common Cowork mistake by a wide margin. Authority granted is authority used — the agent has no way to know which files inside an approved folder were "really" intended to be in scope.

Scope creep

Best for: Tighten each skill's description to the specific workflow it owns, or uninstall the ones that aren't earning their slot.

Symptom: the same prompt produces different output structures across sessions
Symptom: you can't predict which skill will fire before you fire the prompt
Fix: open each overlapping skill, tighten the description to the workflow it actually owns
Fix: uninstall skills you haven't used in a month — they're competing for triggers without earning their slot

Limitations: Skill descriptions are the only thing standing between a prompt and the right capability. Vague descriptions create lottery-ticket behavior; sharp descriptions create predictable behavior.

Trust drift

Best for: If the job must run regardless of your sleep schedule, use Routines (cloud-hosted). For personal, desktop-bound briefings, Scheduled Tasks are fine.

Symptom: the morning briefing you set up yesterday is missing
Symptom: /schedule list shows the task as queued or skipped, not completed
Fix: rebuild the job as a Routine (cloud-hosted) if it has to fire on a guarantee
Fix: if a desktop task is acceptable, set your laptop to never-sleep on AC power and accept the failure mode

Limitations: Scheduled Tasks and Routines are two different products with similar names. Cowork surfaces both; the trap is treating them as interchangeable. Pick the one whose failure mode you can live with.

Wrong surface

Best for: Revoke, re-authenticate with read-only. Add write scopes only after the read flow has been working for a week and the specific write workflow demands it.

Symptom: surprise actions in the connected service — sent emails, modified events, posted messages
Symptom: OAuth scope on the connector shows write/manage permissions you don't remember granting
Fix: revoke the connector in Settings → Connectors, re-authenticate, decline write scopes on the consent screen
Fix: keep a one-line note of which connectors have write scope and why — make the trust grants visible

Limitations: Once granted, write scope persists until you revoke it. There's no per-prompt scope downgrade. The discipline is at the OAuth screen — slow down, decline what you don't need.

Scope creep

Best for: Connect the apps you actually use daily, read-only first. Add new connectors only when a real prompt surfaces the need.

Symptom: the agent picks unexpected connectors for tasks ("why is it using Jira here?")
Symptom: you don't remember granting access to half the apps in your connector registry
Fix: in Settings → Connectors, disable the ones you have not used in two weeks
Fix: install new connectors only when a specific prompt fails because the connector is missing

Limitations: The marginal connector adds more discovery cost than capability — until you actually have a workflow that uses it. Install reactively, not aspirationally.

Trust drift

Best for: Check the connector registry before reaching for Chrome. Connectors are stable typed contracts; UI selectors change without warning.

Symptom: tasks that should take seconds take minutes — clicks, waits, scroll, retry
Symptom: brittleness when the SaaS UI changes a selector or layout
Fix: search the connector registry for the SaaS you're driving via browser — install it if it exists
Fix: keep the Chrome bridge for genuinely UI-only workflows (configuring a vendor that has no API)

Limitations: The Chrome bridge is the right tool when there's no typed alternative — vendor onboarding, settings pages, dashboards with no API. It's the wrong tool when an MCP connector already exists.

Duplication

Best for: Before installing a plugin, list what it ships (skills, hooks, MCP servers) and read the SKILL.md descriptions. The same vetting you'd give an npm package or a VS Code extension.

Symptom: unexpected actions on certain prompts you can't trace to a skill you wrote
Symptom: new MCP servers appearing in your tool list after a plugin install
Fix: before install, expand the plugin's contents in the install dialog — read what's bundled
Fix: after install, list the plugin's skills and hooks; turn off any auto-firing hook you didn't expect

Limitations: Official doesn't mean inert. Every plugin extends the agent's authority along multiple axes simultaneously — vet accordingly.

Trust drift

Best for: Use the role plugin (sales, finance, legal, marketing, HR, etc.) — it ships the matched set of skills, connectors, and slash commands. Customize after the baseline is in muscle memory.

Symptom: prompts that should fire a skill don't, and you can't find the broken link
Symptom: the workflow has gaps you can't trace (missing connector? missing skill? wrong description?)
Fix: install the role plugin matching your domain (sales, finance, legal, etc.) and run a baseline prompt
Fix: customize from a working baseline — replace one piece at a time, never start from scratch

Limitations: Hand-assembly works for advanced users who already know the surface. For everyone else, the plugin is the path of least resistance and least missing-piece debugging.

Duplication

Mistakes scale faster than features

Each new skill is one more trigger competing for the same prompt. Each new connector with write scope is one more surface the agent can act on. Each plugin is a bundle of all three. Install one thing at a time, watch how it behaves for a few days, then install the next. Most Cowork pain comes from compounding installs, not from any single mistake.

Capability	Where the mistake hides	How to catch it early
Folder access	Over-broad mount	Per-session approval dialog shows the path — narrow it if it looks higher up the tree than the project you opened
Skills	Overlapping descriptions	Two skills both fire on the same prompt — tighten one description or remove the loser
Connectors	Excess scope	OAuth screen shows write/manage when read would do — back out and re-grant read-only
Plugins	Unread bundles	You can't list what the plugin ships without checking — read the contents before installing
Scheduled Tasks	Desktop-bound assumption	Job didn't fire — check whether the app was open; promote to a cloud Routine if reliability matters
Artifacts	Unhandled connector failures	Page shows an error when a connector goes down — build graceful degradation into the artifact prompt
Browser bridge	Using Chrome instead of an existing connector	Task is brittle and slow — check the connector registry first; keep Chrome for genuinely UI-only work
MCP servers	Trusted by default	Third-party server added without code review — audit it like any other dependency you'd add to a project

Different cut on the same eight mistakes — by capability rather than by mistake. Use this view when something feels off in a specific surface ("my scheduled task didn't run") and you want to jump to the relevant prevention.

I mounted my whole Documents folder by accidentSettings → Folder access → revoke; re-approve the narrow project folder; set Default mounts to the two or three you actually use

Last night's scheduled briefing didn't runLaptop was probably closed — rebuild as a Routine (cloud-hosted) if reliability matters; otherwise set the laptop to never-sleep on AC

Three skills keep firing on the same promptOpen each skill, tighten descriptions to the specific workflow each one owns; uninstall any that haven't earned their slot

I granted my CRM connector write access but only needed readRevoke in Settings → Connectors; re-authenticate; decline write scopes on the OAuth consent screen

I installed a third-party plugin without reading what's in itOpen the plugin in Settings → Plugins; list its skills, hooks, MCP servers; turn off any auto-firing hook you didn't intend

Cowork can't see my Notion docs even though Notion is connectedCheck connector scope — the connector may have read scope to your workspace but not to specific pages; reshare the pages or widen the scope

I'm using Chrome to drive Salesforce but there's a Salesforce connectorInstall the Salesforce connector; route the workflow through typed tool calls; keep the Chrome bridge for the few settings pages without API equivalents

I hand-installed five sales skills and the workflow has gapsInstall the sales plugin; compare its bundle against your hand-assembled set; the gaps will become obvious

I keep having to re-approve the same folder every sessionSettings → Folder access → Default mounts — add the folder so it mounts at startup

I can't tell which scheduled tasks I have running/schedule list in the prompt bar; prune any that haven't earned their slot in the last month

My artifact is broken because Gmail timed outEdit the artifact prompt to handle connector failures — show last-known-good with a stale-data flag rather than erroring the whole page

I installed the plugin but skills from it aren't firing/plugins list to verify enable state; check skill descriptions for trigger overlap with skills already installed

The agent took an action I didn't expect from a plugin I installed last weekOpen the plugin, enumerate its hooks and auto-firing skills, disable the one whose description matches the unexpected action

Three patterns under every Cowork mistake

Scope creep (over-broad authority — folders, write scopes, plugin trust). Trust drift (treating new surfaces as zero-risk because they came from a known source). Duplication (hand-assembling what a plugin or connector would do better). Every mistake on this page reduces to one of those three. Catch the pattern and you catch the mistake.

Cowork Common Mistakes

1. Mounting your whole home directory

2. Installing overlapping skills

3. Forgetting Scheduled Tasks need the app open

4. Granting write scopes when read-only would do

5. Connecting every available connector on day one

6. Driving a browser when an MCP connector exists

7. Treating a plugin as zero-risk because it's "official"

8. Hand-installing pieces instead of using a plugin

Mistakes scale faster than features

Three patterns under every Cowork mistake