Skills
A skill is a reusable instruction asset stored at project level and attached to one or more nodes.
Workflow
- Find or create a skill for the project.
- Submit it to the mandatory security review.
- Store it in the project registry only after a passing verdict.
- Attach the reviewed skill to a node.
- Run the node and inspect the trace.
The security review checks for unsafe instruction patterns, prompt injection, and possible data-exfiltration behaviour. A failed review blocks storage and use through every path, including the UI, API, SDK synchronization, and Co-pilot actions.
Runtime behaviour
Passing skills attached to a node are loaded into its runtime instructions. Nodes can disable runtime skill injection, and a skill can be marked required so execution fails clearly if it cannot be loaded.
Project-level registration avoids repeating the same review whenever an approved skill is reused by another node.
Operational guidance
- Treat third-party skills as code and review their source and license.
- Keep credentials and private data out of skill instructions.
- Re-run tests when a skill changes a node’s available tools or expected output.
- Inspect the node trace to confirm which skills were loaded.
See Nodes, Runs and traces, and Roles and governance.