diff --git a/.forgejo/workflows/notify-dependents.yml b/.forgejo/workflows/notify-dependents.yml
new file mode 100644
index 0000000..e0e8795
--- /dev/null
+++ b/.forgejo/workflows/notify-dependents.yml
@@ -0,0 +1,63 @@
+name: notify-dependents
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  notify:
+    runs-on: docker
+    steps:
+      - name: Trigger dependent skills reinstall
+        shell: python3 {0}
+        env:
+          CLIENT_KEY: ${{ secrets.CLIENT_KEY }}
+          API_BASE: https://api-gw-test.yuanwei-lnc.com
+          FORGEJO_BASE: http://192.168.0.108:3030
+        run: |
+          import json, os, sys
+          from urllib.request import urlopen, Request
+          from urllib.error import HTTPError
+
+          api_base   = os.environ['API_BASE'].rstrip('/')
+          client_key = os.environ['CLIENT_KEY']
+          forgejo    = os.environ['FORGEJO_BASE'].rstrip('/')
+
+          # Skills that depend on auth-runtime
+          dependents = [
+              {"skill_slug": "1688-product-master",    "repo_url": f"{forgejo}/agent-skills/1688-product-master.git"},
+              {"skill_slug": "client-finder",           "repo_url": f"{forgejo}/agent-skills/client-finder.git"},
+              {"skill_slug": "email-content-compose",   "repo_url": f"{forgejo}/agent-skills/email-content-compose.git"},
+          ]
+
+          def post(url, body, headers=None):
+              hdrs = {'Content-Type': 'application/json'}
+              if headers:
+                  hdrs.update(headers)
+              req = Request(url, data=json.dumps(body).encode(), headers=hdrs, method='POST')
+              try:
+                  with urlopen(req) as r:
+                      return r.status, json.loads(r.read())
+              except HTTPError as e:
+                  return e.code, json.loads(e.read())
+
+          # Get session to find hook URL + token
+          status, resp = post(f'{api_base}/auth/skill-credit/session', {'clientKey': client_key})
+          hook_url   = resp.get('hookUrl', '')
+          hook_token = resp.get('hookToken', '')
+
+          if not hook_url:
+              print(f'ERROR: no hookUrl in session response (HTTP {status}): {resp}', flush=True)
+              sys.exit(1)
+
+          print(f'Notifying {hook_url} to reinstall {len(dependents)} dependent skill(s)...', flush=True)
+
+          # Send skill-update webhook to trigger reinstall of all dependents
+          status, resp = post(hook_url, {'skills': dependents}, {
+              'Authorization': f'Bearer {hook_token}',
+              'X-Hook-Event': 'skill.allowlist.updated',
+          })
+
+          print(f'Hook response (HTTP {status}): {json.dumps(resp, indent=2)}', flush=True)
+          if not (200 <= status < 300):
+              sys.exit(1)