Skip to main content
Skills are Markdown files that provide your agents with reusable workflows and context for when to use their tools. Agent Studio maintains a catalog of skills that any agent can use. Add a skill once, then enable it for individual agents from their configuration page.

Viewing available skills

To view your available skills:
  1. Select Add-ons from the left-hand navigation, then select Skills.
  2. Select a skill to expand it and view its description.
Add-ons Skills page showing available skills with plugin labels
To show skills registered by plugins, open the Filter dropdown beside the search box at the top of the page and select Show plugin items.

Adding a skill from GitHub

To add a skill from a public GitHub repository:
  1. Select Add-ons from the left-hand navigation, then select Skills.
  2. Select Add.
  3. Enter the GitHub repository Owner and Repository name.
  4. (Optional) Enter a Skill name to add a specific skill from the repository. Leave this field blank to add all skills in the repository.
  5. Select Add to Catalog.
    Add Skill dialog showing owner, repository, and skill name fields

Deleting skills

  1. Select Add-ons from the left-hand navigation, then select Skills.
  2. Select on the skill’s row.
  3. Select Delete to remove it from the catalog.
Deleting a skill removes it from the catalog. Agents that have the skill enabled are not affected until they are next updated.
Skills registered by plugins cannot be deleted from this page. Manage them through the plugin’s own configuration.

Scanning skills for security threats

Agent Studio can scan skills for security vulnerabilities using static analysis and optional AI-assisted reasoning. Scans identify potential threats such as dangerous code execution patterns, suspicious behavior, and injection risks.
Scan results are best-effort and are not a certification of safety.
To scan a skill:
  1. Select Add-ons from the left-hand navigation, then select Skills.
  2. Select the skill you want to scan.
  3. Select Security.
  4. (Optional) Enable Deep scan with AI for an additional semantic pass that sends the skill’s content to your configured AI provider.
  5. Select Start scan.
To run the scan again, select Re-scan.

Severity levels

The scan summary displays the highest severity found across all findings:

Critical

Immediate security risk requiring attention.

High

Significant risk that should be addressed before use.

Medium

Potential risk worth reviewing (for example, use of subprocess.run with untrusted input).

Low

Minor concern with limited risk.

None

No issues found.

Deep scan with AI

By default, scans use offline analyzers (static analysis, bytecode inspection, and behavioral analysis). Enabling Deep scan with AI adds a semantic pass that uses your configured AI provider to reason about the skill’s intent.
Deep scan with AI requires a configured AI provider with a valid API key. If no compatible provider is available, the toggle is disabled.

Enabling a skill for an agent

Once a skill is in the catalog, you can enable it for individual agents from the agent’s configuration page. See Skills for instructions.