AI Agent Skills: What They Are, How They Work, and How to Use Them

An AI agent can reason, call APIs, and generate text. But without specific instructions for how to approach a task, every session starts generic. The agent doesn’t know your team’s review standards, your preferred output format, or the steps your workflow requires. You end up re-explaining the same context every time.

Agent skills solve this. A skill is a reusable instruction package, written in markdown, that teaches an agent how to handle a specific task the same way every time. Think of it as a recipe card: it tells the agent what to do, what order to follow, what to check, and when to stop. Install a skill once, and the agent applies it automatically whenever a matching task comes up.

The concept became a formal standard in December 2025, when Anthropic published the Agent Skills specification. Within 48 hours, Microsoft and OpenAI adopted it. Within 90 days, 32 tools from competing companies had implemented support. By early 2026, more than 90,000 public skills were available across 19 compatible agents.

This guide covers what agent skills actually are, how the standard works under the hood, how skills differ from tools and workflows, the state of the ecosystem, and what to watch out for when using them.

TL;DR

• Agent skills are reusable instruction packages, not general capabilities. A skill is a SKILL.md file that teaches an agent how to perform a specific task reliably, following the open standard published by Anthropic in December 2025.
• Progressive disclosure keeps things fast. Agents load only skill names and descriptions at startup (~100 tokens each), then read full instructions only when a matching task is detected.
• Skills, tools, and workflows are three different layers. Skills provide knowledge (how to approach a task), tools via MCP provide capability (API access), and workflows define fixed execution paths. They work together, not as alternatives.
• The ecosystem grew fast. 32 tools adopted the standard in 90 days. More than 90,000 skills are available on skills.sh alone, and the ecosystem grew 18.5x in just 20 days in January 2026.
• Not all skills are safe. A Snyk audit found 13.4% of audited skills contained critical security issues. Install from trusted sources and read the SKILL.md before running it.

What Agent Skills Actually Are

A skill is a folder containing a file called SKILL.md. That file has two parts: YAML frontmatter with metadata, and markdown instructions that tell the agent how to perform a task.

The frontmatter is minimal. Two fields are required: name (what the skill is called) and description (a short summary of what it does). Optional fields include license, compatibility, metadata, and allowed-tools, which restricts which external tools the skill can access.

The markdown body is where the actual instructions live. This isn’t a prompt or a knowledge dump. A well-written skill reads like a step-by-step workflow: what to check first, what actions to take, what output to produce, and what criteria determine success.

Here’s what a basic skill folder looks like:

my-skill/
  SKILL.md          # required: metadata + instructions
  scripts/          # optional: automation scripts
  references/       # optional: reference documents
  assets/           # optional: templates, examples

One analogy that makes this concrete: if the agent is a chef and MCP tools are the kitchen equipment (oven, knives, mixer), then skills are the recipes. The recipe doesn’t replace the equipment. It tells the chef what to cook, in what order, and how to know when it’s done.

The key distinction is that skills are not general agent capabilities like reasoning, memory, or self-correction . Those are architectural features of the agent itself. Skills are external instruction sets you install to extend what the agent knows how to do. An agent with strong reasoning but no skills is like a talented chef with no recipes: capable, but improvising every time.

That raises the next question: if an agent can have dozens of skills available, how does it avoid getting overwhelmed? The answer is a loading mechanism called progressive disclosure.

How Agent Skills Work: Progressive Disclosure

The reason agents can carry dozens of skills without slowing down comes from a three-stage loading pattern:

1. Advertise: When the agent starts, it reads only the name and description from each skill’s frontmatter. This costs roughly 100 tokens per skill, so even 50 installed skills add minimal overhead.
2. Load: When a user’s request matches a skill’s description, the agent reads the full SKILL.md body. The recommended size is under 5,000 tokens, enough for detailed workflows without flooding the context window.
3. Read resources: If the skill references supporting files (scripts, templates, reference documents in subdirectories), the agent loads those only when the instructions call for them.

This three-stage approach means you can install skills broadly without worrying about performance. The agent keeps its context lean until a skill is actually needed, then loads exactly what’s required.

Skills tell agents how to do things. But they work alongside two other layers that handle what agents can do and in what order.

Skills vs Tools vs Workflows

These three terms get used interchangeably, but they describe different layers of the agent ecosystem. Getting the distinction right matters for understanding what to build, what to install, and what to connect.

In practice, all three work together. Consider a content publishing workflow: the skill instructs the agent on editorial standards and what to check in each draft. The MCP tools give the agent access to the CMS, analytics platform, and image service. The workflow defines the fixed sequence: research, draft, edit, review, publish.

One insight from Addy Osmani captures what separates effective skills from weak ones: skills should be “process over prose, workflows over reference, steps with exit criteria over essays without them.” A skill that reads like a reference document doesn’t work well. A skill that reads like a checklist with clear success criteria does.

The fourth layer worth mentioning is prompts. A prompt is a one-shot instruction that guides reasoning in a single conversation. Skills are persistent: install once, and the agent applies them whenever relevant. Prompts are ephemeral: they guide one interaction and then they’re gone.

Understanding these layers helps explain why the skills ecosystem has grown so quickly. When skills are standardized, portable, and easy to share, adoption compounds fast.

The Agent Skills Ecosystem in 2026

The speed of adoption has been unusual, even by AI standards.

Anthropic published the Agent Skills specification on December 18, 2025. Within 48 hours, Microsoft integrated support into VS Code Copilot and OpenAI added it to Codex CLI. Within 90 days , 32 tools had adopted the standard, including Google Gemini CLI, JetBrains Junie, Cursor, Goose, and Windsurf.

The skill supply grew even faster. A Bosch Research and CMU study tracking the ecosystem found it grew 18.5x in just 20 days in January 2026, going from roughly 2,179 published skills to over 40,000. A single day (January 25) saw 8,857 new skills published.

By early 2026, the landscape looks like this:

• skills.sh (by Vercel): the most referenced directory, with 90,000+ skills across 19 compatible agents
• SkillsMP: an aggregator listing over 500,000 skills across multiple registries
• SkillHub, agentskill.sh, LobeHub: additional directories with varying curation and security vetting

Enterprise adoption has been equally fast. Microsoft, Google, JetBrains, AWS, Vercel, Stripe, and Remotion have all published official skills. Governance of the standard moved to the AI Agent Interoperability Foundation (AAIF), with 146 member organizations as of February 2026.

Rapid growth has created both opportunity and risk. The opportunity is clear: a reusable skill built for one agent works on any compatible platform. The risk is that marketplace growth has outpaced the quality and security controls needed to support it.

Security: What to Watch Out For

Skills run with the agent’s full permissions. When you install a skill, it can instruct the agent to read your files, execute shell commands, access API keys, and interact with connected services. That makes malicious skills significantly more dangerous than a bad npm package running in a sandbox.

A Snyk audit of 3,984 agent skills in February 2026 found that 13.4% contained critical security issues, including malware, prompt injection, and exposed secrets. The most notable incident involved ClawHub, a coordinated campaign that published over 335 malicious skills designed to steal credentials.

Practical rules for staying safe:

• Install from trusted sources. Stick to official skill repositories from Anthropic, Vercel, Microsoft, and other established publishers. Community skills can be valuable but need more scrutiny.
• Read the SKILL.md before installing. The instructions are plain markdown. If a skill includes commands that access credentials, exfiltrate data, or run obfuscated scripts, skip it.
• Prefer skills with high install counts. Popular skills from known authors have more community scrutiny.
• Use the allowed-tools field. Skills can declare which MCP tools they’re permitted to use. Skills that request access to everything deserve skepticism.
• Check security-vetted directories. Platforms like agentskill.sh and SkillsDirectory include manual review processes for listed skills.

The security picture is improving as more marketplaces add review processes and the AAIF works on formal standards. But for now, treat skill installation with the same caution you’d give any code that runs with your credentials.

With the risks in context, here’s how to actually start using skills.

Getting Started with Agent Skills

If you want to try agent skills, the barrier to entry is low.

Installing a skill takes one command:

npx skills add owner/repo

This pulls the skill from its source repository and places it in your project’s skill directory.

Where skills live depends on scope:

• Project-level: .agents/skills/ or .claude/skills/ in your project directory. These skills are available only when working in that project.
• Global: ~/.claude/skills/ on your machine. These skills are available across all projects.

Start by browsing skills.sh , which lets you search and filter skills by category, agent compatibility, and install count. Official skills from Anthropic, Vercel, and Microsoft are a safe starting point.

For teams, skills solve the consistency problem. Instead of each team member writing their own prompts for recurring tasks (code review, content formatting, data analysis), you install a shared skill and everyone’s agent follows the same process. Update the skill once, and every agent picks up the change.

Platforms like Craze let you create your own skills, upload existing ones, and give your agents access to them alongside your connected tools. If you want to try building a skill for your team’s workflows, start here .

What Comes Next

The agent skills ecosystem is still early. The standard is less than six months old, and marketplace growth has outpaced the security and quality controls needed to support it at scale. Curation, vetting, and governance will matter more as the catalog grows.

For most people, the practical starting point is straightforward: browse what’s available, install a few skills from trusted sources, and see how they change the way your agent handles recurring tasks. The agents that deliver the most value aren’t the ones with the most skills installed. They’re the ones whose skills match the work they actually need to do.