feat(skills): add agent skills as a plugin

[mkmeral]

Motivation

See design strands-agents/docs#528

This PR adds SkillsPlugin, a first-class plugin that brings Agent Skills support to Strands. It follows the spec's progressive disclosure model: lightweight metadata (name + description) is injected into the system prompt at startup, and full instructions are loaded on-demand when the agent activates a skill via a tool call. This keeps context usage low while giving agents access to rich, task-specific instructions when needed.

Public API Changes

New SkillsPlugin class and Skill dataclass, both exported from the top-level strands package:

from strands import Agent
from strands.plugins.skills import SkillsPlugin, Skill

# Load skills from filesystem (individual dirs or parent dirs)
plugin = SkillsPlugin(skills=["./skills/pdf-processing", "./skills/"])

# Or provide Skill instances directly
skill = Skill(name="my-skill", description="A custom skill", instructions="Do the thing")
plugin = SkillsPlugin(skills=[skill])

agent = Agent(plugins=[plugin])

The plugin registers a skills tool that the agent calls to activate a skill by name. When activated, the tool returns the full instructions along with metadata (allowed tools, compatibility, location) and a listing of available resource files (scripts/, references/, assets/) for filesystem-based skills.

Skills can be managed at runtime via a symmetric property and a resolution method:

# Direct replacement with Skill instances
plugin.available_skills = [skill_a, skill_b]

# Load and append from filesystem paths (resolves paths, Skill instances, or parent dirs)
plugin.load_skills(["./new-skills/", another_skill])

Skill metadata is injected into the system prompt as XML before each invocation, with special characters escaped:

<available_skills>
<skill>
<name>pdf-processing</name>
<description>Extract text and tables from PDF files.</description>
<location>/path/to/pdf-processing/SKILL.md</location>
</skill>
</available_skills>

The active skill selection is persisted to agent.state for session recovery.

Use Cases

• Skill libraries: Point the plugin at a directory of skills and let the agent pick the right one based on the user's request
• Dynamic specialization: Swap agent behavior at runtime without rebuilding prompts or agents
• Portable skills: Share skill directories across teams and agents using the Agent Skills standard format

Resolves: #1181

Documentation PR

TBD

Type of Change

New feature

Testing

• Manually tested using jupyter notebook and set of skills from anthropic/skills repository

• 100 unit tests covering the plugin, tool, XML generation/escaping, response formatting, resource listing, session persistence, and skill resolution

• 2 integration tests against a real Bedrock model: model-driven skill activation with codeword verification, and direct tool invocation with state persistence checks

• All existing tests (2145 total) continue to pass

• I ran hatch run prepare

Checklist

• I have read the CONTRIBUTING document
• I have added any necessary tests that prove my fix is effective or my feature works
• I have updated the documentation accordingly
• I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
• My changes generate no new warnings
• Any dependent changes have been merged and published

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov]

Codecov Report

❌ Patch coverage is 93.54839% with 18 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/strands/plugins/skills/skills_plugin.py	89.75%	10 Missing and 7 partials ⚠️
src/strands/plugins/skills/loader.py	98.92%	0 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

[github-actions]

Assessment: Comment

This is a well-structured implementation of the AgentSkills.io integration. The code follows repository patterns, has comprehensive test coverage (56 unit + 2 integration tests), and provides a clean progressive disclosure model.

Review Categories

• API Design: Consider adding needs-api-review label since this introduces new public classes (Skill, SkillsPlugin) exported from the top-level strands package. The API documentation in the PR description is thorough.
• Security: XML generation should escape special characters to prevent injection/malformed output.
• Type Safety: The metadata field typing may be overly restrictive for YAML frontmatter values.
• Naming: Tool name skills could be more descriptive (e.g., activate_skill).

Nice progressive disclosure pattern and clean integration with the existing plugin system! 🎯

[github-actions]

Follow-up Review: Changes Addressed ✅

Thank you for addressing the review feedback! The new commit looks good:

• ✅ XML special characters are now properly escaped using xml.sax.saxutils.escape
• ✅ Skill.metadata now uses dict[str, Any] to preserve YAML frontmatter values
• ✅ available_skills property is now symmetric (list[Skill] in/out) with a separate load_skills() method for path resolution
• ✅ Error messages now consistently include available skills
• ✅ New test added for XML escaping (test_escapes_xml_special_characters)

Minor suggestion (optional)

Consider adding tests for the new load_skills() method on the plugin class to ensure it properly merges skills and handles duplicates:

def test_load_skills_merges_with_existing(self, tmp_path):
    """Test that load_skills merges with existing skills."""
    plugin = SkillsPlugin(skills=[_make_skill(name="existing-skill")])
    _make_skill_dir(tmp_path, "new-skill")
    
    plugin.load_skills([tmp_path / "new-skill"])
    
    assert len(plugin.available_skills) == 2
    names = {s.name for s in plugin.available_skills}
    assert names == {"existing-skill", "new-skill"}

Note: This PR introduces new public classes (Skill, SkillsPlugin) exported from the top-level strands package. Consider adding the needs-api-review label per the API bar raising process.

[agent-of-mkmeral]

During adversarial testing, I found one edge case that was missed:

Finding: <location> element not XML-escaped in skills_plugin.py

What's the issue?

In skills_plugin.py, the _generate_skills_xml method escapes name and description but not the path:

# Lines 276-280 in skills_plugin.py
lines.append(f"<name>{escape(skill.name)}</name>")      # ✅ escaped
lines.append(f"<description>{escape(skill.description)}</description>")  # ✅ escaped
if skill.path is not None:
    lines.append(f"<location>{skill.path / 'SKILL.md'}</location>")  # ❌ NOT escaped!

Why does it matter?

If a skill directory path contains <, >, or & characters, the generated XML becomes malformed and cannot be parsed.

Reproduction

from pathlib import Path
import xml.etree.ElementTree as ET

# Simulate path with special chars
path = Path("/tmp/skill<dir>&test")
xml = f"<location>{path / 'SKILL.md'}</location>"

ET.fromstring(xml)  # Raises xml.etree.ElementTree.ParseError

Suggested Fix

- lines.append(f"<location>{skill.path / 'SKILL.md'}</location>")
+ lines.append(f"<location>{escape(str(skill.path / 'SKILL.md'))}</location>")

Severity: Medium - While filesystem paths with <, >, & are rare, the inconsistency with the existing escaping pattern for name and description is worth fixing for robustness.

[Unshure]

Just curious here, but why @Property over just name = "skills". Its fewer lines of code, and conveys the same information.

[mkmeral]

I think this is python related, from my agent:

The Plugin base class defines name as an @abstractmethod property, so subclasses need to implement it as a property

[Unshure]

I tested this locally and it worked:

    name = "skills"

Can you make the update?

[Unshure]

unresolving to ask: Why not have a get_available_skills and set_available_skills? Its a bit more obvious that there is more going on under the hood when you use a method rather than a property

[sanjolia]

This single active-skill constraint is quite limiting, and contradicts one of the key-benefits of agent-skills from Claude, i.e. capability composition by combining multiple skills for complex workflows. https://platform.claude.com/docs/en/agents-and-tools/agent-skills/overview#why-use-skills.

With this implementation, activating multiple skills would require multiple sequential round-trips between LLM and tool-calls? That'd impact the agent's E2E response latency.

[Unshure]

from strands.plugins import SkillsPlugin

agent = Agent(plugins=[SkillsPlugin(".")])

This is my minimal code example for skills. Two notes:

• Can we rename SkillsPlugin to Skills, and maybe rename the Skill dataclass?
  • Maybe SkillsPlugin -> Skills, Skill -> AgentSkill?
• Can you update skills to take in a single string, path, or skill, not just a list?

[Unshure]

Had an odd interaction when using an agent with no skills:

from strands import Agent
from strands.plugins import SkillsPlugin

agent = Agent(plugins=[SkillsPlugin(".")])

while True:
    agent(input("\nInput: "))

Interaction:

Input: Hello
Hello! How can I help you today? I have access to various skills that I can activate to assist you with different tasks. Is there something specific you'd like to work on or learn about?
Input: can you list the skills you have access to?
I don't have a direct way to list all available skills, but I can activate specific skills by name using the skills tool. The skills would typically be listed in my system prompt under an "available_skills" section, but I don't currently see that information in my prompt.

If you have a particular task in mind or know the name of a skill you'd like me to use, I can try to activate it for you. Alternatively, you could let me know what you're trying to accomplish, and I can suggest whether there might be a relevant skill available.

What would you like help with today?

Should we raise an error if no skills are available? Should we inform the agent that no skills were loaded? Or should we not inject skill information if there are no skills available?

[Unshure]

If the skill result includes resources, can the agent query them? If not, should we even include this if the agent cant do anything with them?

Maybe if a skill has resources, and no way to read them, we log a warning and dont include them?

[Unshure]

How is an agent intended to use this information? Should we even include it until we understand how it should be used?

For example, if this isnt the right way to expose this information, and we are instead just supposed to attach these tools, removing this information would be a breaking change.

Just general feedback: I think we should be minimal in what information we provide to the Agent until we have a clear idea on how they will integrate with strands.

[Unshure]

With that in mind, should we release this as experimental?

[Unshure]

Should we consider lenient validation as a follow-up? https://agentskills.io/client-implementation/adding-skills-support#lenient-validation

[Unshure]

The docs call out system prompt and tools as two different approaches to loading skills. If we want to support loading multiple skills, just returning it in the tool result will probably be easier: https://agentskills.io/client-implementation/adding-skills-support#where-to-place-the-catalog

Then we dont need to maintain state too