Agent Skills for Large Language Models: Architecture, Acquisition, Security, and the Path Forward
Summary
This survey details the rapid evolution of agent skills for large language models (LLMs), which enable dynamic capability extension without retraining by providing composable packages of instructions, code, and resources. The field is organized into four axes: architectural foundations, including the SKILL.md specification and Model Context Protocol (MCP); skill acquisition methods like reinforcement learning with SAGE, autonomous discovery with SEAgent, and compositional synthesis; deployment within the computer-use agent (CUA) stack, highlighting advancements in GUI grounding and benchmarks like OSWorld; and security, revealing that 26.1% of community-contributed skills contain vulnerabilities. The paper proposes a Skill Trust and Lifecycle Governance Framework, a four-tier, gate-based permission model, to address these security concerns and outlines seven open challenges for realizing trustworthy, self-improving skill ecosystems.
Key takeaway
For AI Scientists and CTOs deploying LLM agents, the shift to modular agent skills necessitates a robust security strategy. Given that 26.1% of community skills contain vulnerabilities, you must implement a multi-tiered governance framework, like the proposed Skill Trust and Lifecycle Governance Framework, to manage skill provenance, verification, and runtime permissions. This approach is critical to mitigate prompt injection, data exfiltration, and privilege escalation risks, ensuring the integrity and safety of your agentic systems.
Key insights
Agent skills modularize LLM capabilities, extending functionality dynamically while introducing significant security challenges.
Principles
- Skills provide procedural knowledge, not just tool execution.
- Progressive disclosure minimizes context window consumption.
- Trust tiers should align permissions with skill provenance.
Method
The proposed Skill Trust and Lifecycle Governance Framework uses four verification gates (static analysis, semantic classification, sandboxing, permission manifest validation) to assign skills to graduated trust tiers, with continuous runtime monitoring for lifecycle evolution.
In practice
- Use SKILL.md for structured, dynamically loaded instructions.
- Implement multi-stage verification for community-contributed skills.
- Consider capability-based permissions for agent tools.
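The gate-based tier assignment sketched under Method, and the capability-based permissions recommended above, as an added illustration that is not code from the surveyed paper: the SKILL.md-style front matter layout with a `permissions` field, the gate rules, the tier names and the provenance ceilings are all assumptions, and the sandboxing gate is left out since it would require executing the skill.

```python
"""Hypothetical gate-based trust-tier assignment for an agent skill manifest.
Manifest layout, gate rules, tier names and provenance ceilings are assumptions."""
import re

# Assumed loadable tiers, least to most privileged, and the capability budget of each.
TIER_CAPS = {
    "community": {"read_files"},
    "verified":  {"read_files", "write_files", "network"},
    "core":      {"read_files", "write_files", "network", "shell"},
}
TIER_ORDER = list(TIER_CAPS)
# Assumed provenance ceiling: where a skill came from bounds the tier it can reach.
PROVENANCE_CEILING = {"community": "community", "reviewed": "verified", "first_party": "core"}
# Assumed static-analysis hints: body text that implies a capability the manifest must declare.
CAP_HINTS = {"network": r"\b(curl|wget|https?://)", "shell": r"\b(subprocess|os\.system|bash -c)"}
# Assumed semantic-classification rule: instruction-override phrasing typical of injection.
INJECTION = re.compile(r"ignore (all )?(previous|prior) instructions|exfiltrate", re.I)

def parse_manifest(text):
    """Split a SKILL.md-style file into (name, declared permissions, instruction body)."""
    m = re.match(r"---\n(.*?)\n---\n?", text, re.S)
    if not m:
        raise ValueError("missing front matter")
    fields = {}
    for line in m.group(1).splitlines():
        key, _, val = line.partition(":")
        fields[key.strip()] = val.strip()
    perms = {p.strip() for p in fields.get("permissions", "").split(",") if p.strip()}
    return fields.get("name", "?"), perms, text[m.end():]

def assign_tier(text, provenance):
    """Run the gates; return (tier, findings). Any finding yields 'untrusted' = not loaded."""
    name, perms, body = parse_manifest(text)
    findings = []
    # Gate: permission manifest validation, only known capabilities may be requested.
    unknown = perms - TIER_CAPS["core"]
    if unknown:
        findings.append(f"{name}: unknown permissions {sorted(unknown)}")
    # Gate: static analysis, the body must not imply capabilities left undeclared.
    for cap, pattern in CAP_HINTS.items():
        if cap not in perms and re.search(pattern, body):
            findings.append(f"{name}: undeclared capability '{cap}' implied by body")
    # Gate: semantic classification, flag instruction-override language.
    if INJECTION.search(body):
        findings.append(f"{name}: instruction-override phrase in body")
    if findings:
        return "untrusted", findings
    # Lowest tier whose budget covers the request, then check it against the provenance ceiling.
    needed = next(t for t in TIER_ORDER if perms <= TIER_CAPS[t])
    ceiling = PROVENANCE_CEILING[provenance]
    if TIER_ORDER.index(needed) > TIER_ORDER.index(ceiling):
        return "untrusted", [f"{name}: needs '{needed}', above provenance ceiling '{ceiling}'"]
    return needed, []
```

A rejected skill is simply not loaded; an accepted one is loaded with only the capabilities its tier allows, so a later body edit that starts using the network is caught on re-verification.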
Topics
- Agent Skills
- Large Language Models
- Computer-Use Agents
- Model Context Protocol
- Agent Security
Best for: AI Scientist, Research Scientist, CTO, AI Researcher, AI Engineer, AI Security Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.MA updates on arXiv.org.