Shipping Agent Skills Like NPM Packages: Secure, Reusable Expertise


via Dev.to, by Kowshik Jallipalli

Right now, most teams hardcode their AI agents' expertise. If you want a Pull Request Review Agent to check for React performance regressions, you shove a 500-word essay about useMemo directly into its main system prompt. When you build a second agent that also needs that context, you copy-paste the essay. Six months later, your performance standards change, and you are hunting down orphaned strings across 14 microservices.

The industry solution is abstracting expertise into "Skills"—portable bundles of instructions and tool schemas. But as a security-minded engineer, dynamically loading text and executable tool schemas from disk (or the network) should make you sweat. If you don't validate these skill packages, you are opening your application to Path Traversal (LFI) and Supply Chain Prompt Injection.

Here is how to package agent capabilities like NPM dependencies, secured by strict type contracts and sandboxed contexts.

Why This Matters (The Audit Perspective)

An agent is a generic r

Continue reading on Dev.to
