Documentation navigation

Skills

A skill is a reusable instruction asset stored at project level and attached to one or more nodes.

Workflow

  1. Find or create a skill for the project.
  2. Submit it to the mandatory security review.
  3. Store it in the project registry only after a passing verdict.
  4. Attach the reviewed skill to a node.
  5. Run the node and inspect the trace.

The security review checks for unsafe instruction patterns, prompt injection, and possible data-exfiltration behaviour. A failed review blocks storage and use through every path, including the UI, API, SDK synchronization, and Co-pilot actions.

Runtime behaviour

Passing skills attached to a node are loaded into its runtime instructions. Nodes can disable runtime skill injection, and a skill can be marked required so execution fails clearly if it cannot be loaded.

Project-level registration avoids repeating the same review whenever an approved skill is reused by another node.

Operational guidance

  • Treat third-party skills as code and review their source and license.
  • Keep credentials and private data out of skill instructions.
  • Re-run tests when a skill changes a node’s available tools or expected output.
  • Inspect the node trace to confirm which skills were loaded.

See Nodes, Runs and traces, and Roles and governance.