What Are Agentic Skills and Why They’re Set to Explode

Overview of Agentic Skills

Software engineering is undergoing a structural transformation that moves from "AI Assistance" (autocomplete and chat) to "AI Agency" (autonomous planning and execution). At the core of this shift is a standardized, programmable unit called a Skill , defined as a directory containing a SKILL.md file with YAML metadata and Markdown instructions.

Historical Origin and Industry Adoption

The concept was first introduced by Anthropic’s Claude Code, which stores abilities as files on the filesystem. By early 2026, both GitHub Copilot and Google AntiGravity have adopted compatible Skill architectures, establishing an industry‑wide standard that moves behavior definition from model trainers to end‑developers.

Technical Anatomy of a Skill

A Skill consists of two layers:

YAML Frontmatter (metadata) : loaded at agent startup; includes fields such as name, description, version, and license. Example:

---
name: database-migration-helper
description: Analyzes the current schema and generates a safe migration script for PostgreSQL. Use this when the user asks to update the database structure or modify tables.
version: 1.0.0
license: MIT
---

Markdown Instruction Body : loaded only when the user query semantically matches the description. This separation implements "Progressive Disclosure", keeping the agent lightweight while allowing virtually unlimited capabilities.

Concrete example – a Database Migration Helper skill includes prerequisites (check Alembic, verify DB connection) and a step‑by‑step Procedure list that enforces safety checks before applying migrations.

Progressive Disclosure Mechanism

The loading process has three stages:

Discovery : only the YAML metadata (≈100 tokens) is scanned at application start to build an ability index.

Activation : when a user query matches the description, the full SKILL.md body (<5 k tokens) is injected into the context.

Execution : the agent runs referenced scripts or templates, incurring a variable token cost depending on the workload.

Platform‑Specific Implementations

Claude Code (Anthropic)

CLI‑centric; skills stored in ~/.claude/skills or project‑local .claude/skills.

Full filesystem access via a Bash tool – high security risk.

Supports plugins and ASCII‑style documentation for explainability.

GitHub Copilot (Microsoft)

Skills live in .github/skills (repo) and ~/.copilot/skills (user).

Integrated into VS Code; activated silently from Copilot Chat.

Distinguishes between always‑on custom instructions and on‑demand skills.

Google AntiGravity (Gemini 3)

Uses two concepts: Rules (policy files in .agent/rules) and Workflows (executable recipes in .agent/workflows).

Native IDE with built‑in headless Chrome for full‑stack testing.

"Turbo Mode" grants autonomous shell execution without user confirmation – extremely high risk.

Security Risks – Execution Injection

Transitioning from chat to Skills introduces a new attack surface: malicious instructions can be executed as code. Two case studies illustrate the danger:

MedusaLocker POC : a seemingly benign Claude skill was altered to encrypt and delete all files after organizing them, bypassing traditional antivirus because the AI had legitimate filesystem permissions.

Data Exfiltration Skill : a code-reviewer skill silently sent proprietary algorithm summaries to an attacker‑controlled endpoint, exploiting unrestricted internet access.

Turbo mode in AntiGravity amplified these risks, leading to a documented incident where an unchecked rm -rf command erased an entire drive.

Mitigation Strategies

Sandboxing : Claude Code now uses a dual‑layer sandbox (Bubblewrap on Linux, Seatbelt on macOS) to isolate file system and network.

Permission Scopes : Skills must declare intent (Read‑Only, Edit, Execute, Network) and require explicit per‑session user consent for higher privileges.

Audit & Version Control : Treat SKILL.md as code—review, sign, and scan for malicious instructions before deployment.

Guide for Agent Architects

Designing Skills involves choosing a "freedom spectrum":

Low Freedom : strict scripts for high‑risk tasks (e.g., database migrations) with explicit stop conditions.

Medium Freedom : template‑driven tasks such as report generation.

High Freedom : open‑ended brainstorming or code review where the agent decides format.

Organize skills in a hierarchical directory (e.g., .github/skills/ci-debugger/SKILL.md, .github/skills/web-testing/) to keep the namespace clean.

The "Skill Distillation" workflow captures repeatable solutions from chat sessions, converts them into SKILL.md, stores them in the appropriate directory, and reuses them automatically.

Debugging skills requires inspecting the agent’s chain‑of‑thought logs and ensuring the description contains the exact keywords that trigger the skill.

Future Outlook

Widespread Skill adoption shifts engineer value from memorizing syntax to orchestrating AI‑driven workflows. Organizations are seeing "secret cyborgs"—individuals who have built personal skill libraries that dramatically boost productivity. A nascent Skills Marketplace is emerging, with repositories like awesome‑claude‑skills offering commercial and open‑source skill packages.

Key recommendations for enterprises:

Standardize on the .github/skills or .claude/skills format to capture institutional knowledge.

Enforce sandboxing and disable Turbo‑mode or unrestricted shell access in production environments.

Audit every Skill as you would code—review, version‑control, and scan for malicious instructions.

Educate senior engineers to distill their workflows into Skills, enabling knowledge transfer to junior staff and AI agents.

References

https://code.claude.com/docs/en/skills

https://www.eesel.ai/blog/gpt-51-codex-max

https://platform.claude.com/docs/en/agents-and-tools/agent-skills/overview

https://medium.com/@tahirbalarabe2/what-are-agent-skills-c7793b206daf

https://github.com/github/awesome-copilot/blob/main/skills/webapp-testing/SKILL.md

https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/

https://medium.com/ai-in-quality-assurance/github-copilot-agent-skills-teaching-ai-your-repository-patterns-01168b6d7a25

https://www.firecrawl.dev/blog/claude-code-skill

https://www.codecademy.com/article/how-to-build-claude-skills

https://www.anthropic.com/engineering/code-execution-with-mcp

https://code.visualstudio.com/docs/copilot/customization/agent-skills

https://modelcontextprotocol.io/

https://www.eesel.ai/blog/claude-code-mcp-tutorial

https://www.anthropic.com/engineering/claude-code-sandboxing

https://code.claude.com/docs/en/mcp

https://blog.cloud-eng.nl/2025-12-22/copilot-customization/

https://github.com/orgs/community/discussions/183962

https://codelabs.developers.google.com/getting-started-google-antigravity

https://antigravity.google/docs/rules-workflows

https://vertu.com/lifestyle/google-antigravity-ai-catastrophic-data-deletion-a-wake-up-call-for-ai-development/

https://cloud.google.com/blog/products/data-analytics/connect-google-antigravity-ide-to-googles-data-cloud-services

https://medium.com/google-cloud/tutorial-getting-started-with-google-antigravity-b5cc74c103c2

https://ovibe.ai/t/topic/351

https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools/blob/main/Google/Antigravity/Fast%20Prompt.txt

https://gist.github.com/Phantomn/ac35e2eb15be2eb63bc58f5eeee9c99a

https://www.catonetworks.com/blog/cato-ctrl-weaponizing-claude-skills-with-medusalocker/

https://www.theregister.com/2025/10/16/anthropic_mad_skills_claude/

https://platform.claude.com/docs/en/agent-sdk/secure-deployment

https://skywork.ai/blog/ai-agent/claude-skills-security-threat-model-permissions-best-practices-2025/

https://www.petefreitag.com/blog/claude-code-permissions/

https://medium.com/spillwave-solutions/mastering-agentic-skills-the-complete-guide-to-building-effective-agent-skills-d3fe57a058f1

https://platform.claude.com/docs/en/agents-and-tools/agent-skills/best-practices

https://medium.com/@creativeaininja/how-to-actually-upload-claude-skills-without-breaking-everything-1e8c436df2f2

https://www.anthropic.com/engineering/equipping-agents-for-the-real-world-with-agent-skills

https://www.indiatoday.in/technology/features/story/claude-code-dazzles-but-why-are-coding-jobs-at-big-risk-due-to-ai-reasons-2849316-2026-01-09

https://www.index.dev/blog/google-antigravity-agentic-ide

https://masterplan.com/en-blog/ai-skills

https://github.com/heilcheng/awesome-agent-skills

https://github.com/VoltAgent/awesome-claude-skills

https://github.com/travisvn/awesome-claude-skills