
Agent Skills for Large Language Models: Architecture, Acquisition, Security, and the Path Forward


Renjun Xu, Yang Yan

arXiv:2602.12430v2

Abstract: The transition from monolithic language models to modular, skill-equipped agents marks a defining shift in how large language models (LLMs) are deployed in practice. Rather than encoding all procedural knowledge within model weights, agent skills -- composable packages of instructions, code, and resources that agents load on demand -- enable dynamic capability extension without retraining. It is formalized in a paradigm of progressive disclosure, portable skill definitions, and integration with the Model Context Protocol (MCP). This survey provides a comprehensive treatment of the agent skills landscape, as it has rapidly evolved during the last few months. We organize the field along four axes: (i) architectural foundations, examining the SKILL.md specification, progressive context loading, and the complementary roles of skills and MCP; (ii) skill acquisition, covering reinforcement learning with skill libraries, autonomous skill discovery (SEAgent), and compositional skill synthesis; (iii) deployment at scale, including the computer-use agent (CUA) stack, GUI grounding advances, and benchmark progress on OSWorld and SWE-bench; and (iv) security, where recent empirical analyses reveal that 26.1% of community-contributed skills contain vulnerabilities, motivating our proposed Skill Trust and Lifecycle Governance Framework -- a four-tier, gate-based permission model that maps skill provenance to graduated deployment capabilities. We identify seven open challenges -- from cross-platform skill portability to capability-based permission models -- and propose a research agenda for realizing trustworthy, self-improving skill ecosystems. Unlike prior surveys that broadly cover LLM agents or tool use, this work focuses specifically on the emerging skill abstraction layer and its implications for the next generation of agentic systems. Project repo: https://github.com/scienceaix/agentskills

Executive Summary

The article 'Agent Skills for Large Language Models: Architecture, Acquisition, Security, and the Path Forward' presents a comprehensive survey of the rapidly evolving landscape of agent skills for large language models (LLMs). It introduces the concept of agent skills as composable packages of instructions, code, and resources that enable dynamic capability extension without retraining. The survey is organized along four axes: architectural foundations, skill acquisition, deployment at scale, and security. It highlights the importance of the SKILL.md specification, progressive context loading, and the Model Context Protocol (MCP). The article also addresses security concerns, revealing that 26.1% of community-contributed skills contain vulnerabilities, and proposes a Skill Trust and Lifecycle Governance Framework. The authors identify seven open challenges and propose a research agenda for realizing trustworthy, self-improving skill ecosystems.

Key Points

  • Introduction of agent skills as composable packages for dynamic capability extension.
  • Comprehensive survey organized along four axes: architecture, acquisition, deployment, and security.
  • Highlight of the SKILL.md specification and Model Context Protocol (MCP).
  • Security concerns with 26.1% of community-contributed skills containing vulnerabilities.
  • Proposal of a Skill Trust and Lifecycle Governance Framework.
  • Identification of seven open challenges and a research agenda for future development.

Merits

Comprehensive Coverage

The article provides a thorough and well-organized survey of the agent skills landscape, covering architectural foundations, skill acquisition, deployment, and security.

Practical Insights

The article offers practical insights into the deployment and security of agent skills, including the introduction of the Skill Trust and Lifecycle Governance Framework.

Forward-Looking Agenda

The article identifies open challenges and proposes a research agenda, which is crucial for the future development of trustworthy and self-improving skill ecosystems.

Demerits

Limited Empirical Data

While the article provides a comprehensive survey, it could benefit from more empirical data to support some of its claims, particularly in the areas of skill acquisition and deployment.

Complexity of Implementation

The proposed frameworks and models, such as the Skill Trust and Lifecycle Governance Framework, may be complex to implement in practice, which could limit their immediate applicability.

Expert Commentary

The article 'Agent Skills for Large Language Models: Architecture, Acquisition, Security, and the Path Forward' provides a timely and comprehensive survey of the emerging landscape of agent skills for LLMs. The concept of agent skills as composable packages of instructions, code, and resources represents a significant shift from monolithic language models to modular, skill-equipped agents. This shift enables dynamic capability extension without retraining, which is a crucial advancement in the field of AI. The article's organization along four axes—architectural foundations, skill acquisition, deployment at scale, and security—provides a structured and thorough analysis of the current state and future directions of agent skills. The introduction of the SKILL.md specification and the Model Context Protocol (MCP) highlights the importance of standardized frameworks in enabling interoperability and scalability. The article's focus on security is particularly noteworthy, as it reveals that a significant portion of community-contributed skills contain vulnerabilities. The proposed Skill Trust and Lifecycle Governance Framework offers a promising approach to addressing these security concerns. The identification of seven open challenges and the proposal of a research agenda further underscore the article's forward-looking perspective. However, the article could benefit from more empirical data to support some of its claims, particularly in the areas of skill acquisition and deployment. Additionally, the complexity of implementing the proposed frameworks may pose challenges in practical applications. Overall, the article makes a significant contribution to the field of AI and provides valuable insights for researchers, practitioners, and policymakers.

Recommendations

  • Further empirical research should be conducted to validate the claims and proposals made in the article, particularly in the areas of skill acquisition and deployment.
  • Efforts should be made to simplify the implementation of the proposed frameworks, such as the Skill Trust and Lifecycle Governance Framework, to enhance their practical applicability.
