Agent Skills Framework Emerges

A coding agent is good at writing the next file. A production engineer is good at proving that file should exist, that it passes tests, and that it does not open a security hole. That gap is what this new wave of “Agent Skills” is trying to close. (github.com) (anthropic.com) An Agent Skill is basically a saved playbook. Anthropic’s docs describe skills as folders that package instructions, metadata, scripts, and reference material so an agent can load the right procedure when a task matches it. (anthropic.com) (agentskills.io) That sounds small, but it changes how the model works. Instead of stuffing one giant prompt with every company rule, the agent keeps lightweight descriptions at startup and only loads the full workflow when it needs it, which is closer to how a human engineer pulls up the right checklist at the right moment. (anthropic.com) The specific repository getting attention this week is Addy Osmani’s `agent-skills`, which describes itself as “production-grade engineering skills for AI coding agents.” Its README says the point is to stop agents from skipping specs, tests, security reviews, and other steps that make software reliable. (github.com) The workflow is laid out like an assembly line: define, plan, build, verify, review, ship. In the repo, those stages map to slash commands like `/spec`, `/plan`, `/build`, `/test`, `/review`, and `/ship`, so the agent is nudged to move through checkpoints instead of jumping straight to code. (github.com) That “spec first” idea is not coming out of nowhere. GitHub published its own open-source “Spec Kit” in September 2025 and framed the same problem very directly: agent-written code often “looks right” but misses the real intent unless the specification becomes the shared source of truth. (github.blog) The cross-platform angle is why people are paying attention. The `agent-skills` repo says its skills are plain Markdown and can work with Claude Code, Cursor, Windsurf, GitHub Copilot, Codex, and other agents that accept instruction files, while the broader Agent Skills site pitches the format as an open standard meant to travel across products. (github.com) (agentskills.io) That portability matters because teams do not all use one tool. Microsoft’s.NET team already maintains a public `dotnet/skills` repository with install steps for Claude Code and Copilot Command Line Interface, plus preview support in Visual Studio Code, which shows large engineering groups are already treating skills as reusable infrastructure rather than one-off prompts. (github.com) The security piece is also getting pulled closer to the workflow. GitHub says its Copilot cloud agent checks generated code for security issues by default and also asks Copilot code review for a second opinion before finishing a pull request, which is the same general direction these skill frameworks are pushing: code generation tied to review gates. (docs.github.com 1) (docs.github.com 2) The bigger shift is that prompts are starting to look less like magic spells and more like standard operating procedures. If teams keep adopting skills, the question for agent-written code stops being “did the model answer?” and becomes “which spec, which tests, which review path, and which audit trail did it follow?” (agentskills.io) (github.com)