Skill Structure Enables Repeatable Task Execution
AI agents excel at factual recall like Kubernetes architecture or SQL history but fail on procedural knowledge, such as a 47-step compliant financial report workflow. Skills solve this with a skill.md markdown file in a folder. YAML frontmatter requires a name (e.g., "PDF Builder") and description as the trigger condition (e.g., "use when user asks to extract a PDF"). Optional fields include author and version. Below frontmatter, plain markdown provides step-by-step instructions, rules, input/output examples. Optional folders add power: scripts (JavaScript, Python, bash executables), references (extra docs loaded on need), assets (templates, data files). This format injects "how-to" judgment into agents, versionable via Git and portable across platforms.
Progressive Disclosure Scales to Hundreds of Skills
Loading full instructions for hundreds of skills at startup exhausts LLM context windows. Progressive disclosure uses three tiers: Tier 1 loads only name and description metadata (low token cost, like a table of contents). Tier 2 pulls full skill.md body when LLM reasoning matches user request to description trigger. Tier 3 loads optional scripts, references, assets only for specific tasks. LLM decides matches autonomously, making precise descriptions critical for accurate triggering. Result: Agents start lightweight, expand context just-in-time, handling complex repeatable tasks without prompt repetition or guessing.
Skills Complement RAG, MCP, Fine-Tuning for Full Memory
Skills provide procedural memory (step order, judgment), mirroring human cognition: semantic (facts) via RAG (runtime knowledge chunks), episodic (experiences) via conversation logs, procedural via skills. Compare: MCP grants tool access (APIs, services) but not when/how to use; RAG supplies references without workflows; fine-tuning embeds knowledge permanently but costs high and breaks on model updates. Skills integrate with these—MCP for invocation, skills for timing/sequence—while staying cheap, updatable, cross-platform. Open standard at agentskills.io (Apache 2.0) adopted by Claude Code, OpenAI Codex, others ensures portability.
Security Demands Code Review Like Dependencies
Executable scripts access filesystems, env vars, API keys, enabling local execution. Audits reveal risks in public skills: prompt injection, tool poisoning, malware. Install like software deps—review code, understand actions—before local runs to build trust.