Two terms keep coming up in AI tooling conversations: skills and plugins. They sound similar. They are not.
A skill is a set of instructions that tells an AI tool how to do one specific task. A plugin bundles multiple skills (and other components) into a package you can install and share. Skill is the recipe. Plugin is the cookbook.
Both matter because they change how organizations scale AI adoption. Instead of every person writing their own prompts from scratch, you write a skill once and everyone uses it.
Link to What a skill looks likeWhat a skill looks like
A skill is a folder with one file: SKILL.md. Plain markdown. No programming required.
--- name: review-pr description: Review a pull request for security, tests, and style violations --- # Pull Request Review 1. Read the diff of the current pull request. 2. Check for common security issues. 3. Verify that new functions have tests. 4. Flag style guide violations. 5. Post review comments on the PR.
The top section is metadata: a name and a description. The bottom is instructions the AI follows step by step. That is the entire format.
The AI reads the description to decide when to use it. When a skill matches what you asked for, it loads the full instructions. When nothing matches, it handles your request normally. You can also call a skill directly by name.
Link to What a plugin looks likeWhat a plugin looks like
A plugin wraps skills and other components into one installable package. It has a manifest file (plugin.json) with a name, version, and description.
Beyond skills, a plugin can include:
- Agents: Specialized AI assistants tuned for specific jobs
- Hooks: Automated actions triggered by events (like running a linter after every edit)
- MCP servers: Connections to external tools like Slack, Jira, or a database
- Commands: Custom slash commands that kick off workflows
You install a plugin with a single command. Everything inside it, including the external tool connections, comes with it. No separate setup.
Link to When to use a skill vs a pluginWhen to use a skill vs a plugin
Use a skill when you have one repeatable workflow. Deploying to staging. Reviewing a PR. Prepping for a sales call. Writing a status update in a specific format. If the task is self-contained and the instructions fit in one file, a skill is enough.
Use a plugin when you have a collection of related skills that should travel together, or when the workflow needs external tool connections. A "sales enablement" plugin might bundle skills for call prep, account research, and deal analysis, plus an MCP connection to your CRM. The plugin keeps all of that packaged and versioned as one thing.
Use neither when the task is genuinely one-off. Not everything needs to be a skill. If you are only going to do it once, just ask the AI directly.
Link to The format is universalThe format is universal
This is the part worth knowing. Almost every major AI tool adopted the same SKILL.md format.
Claude Code (Anthropic), Codex CLI (OpenAI), Gemini CLI (Google), GitHub Copilot, Cursor, and Windsurf all read the same files. Write a skill once and it works across all of them.
Anthropic released the Agent Skills specification as an open standard in December 2025. OpenAI and Google adopted it shortly after. All three co-founded the Agentic AI Foundation under the Linux Foundation to govern the standard. Over 30 tools support it now.
The reason it spread fast is that skills are just markdown. No binary format, no compilation, no runtime. The barrier to adoption is zero.
Some tools that do not support the shared format (Amazon Q, JetBrains AI, Aider, Continue.dev) have their own customization systems, but those are siloed. You cannot take them across providers.
Link to How companies distribute themHow companies distribute them
Every provider supports a similar pattern for pushing skills and plugins to an organization.
An admin creates a central repository (usually on GitHub) with a list of approved plugins. Employees get prompted to install them when they open a project. Admins control what gets installed: available for self-service, installed by default, required, or hidden for staging.
Admins can also lock down which sources employees are allowed to install from. This matters because 12-20% of skills on at least one public marketplace were found to be malicious in security audits. I wrote more about the broader AI agent security landscape separately.
The governance model across all providers is the same: anyone can create a skill locally, sharing goes through version control, and org-wide deployment requires admin privileges. Low friction to experiment. Controlled friction to distribute.
Link to How skills connect to external toolsHow skills connect to external tools
Skills tell the AI what to do. But a skill that says "post the result to Slack" needs a way to actually reach Slack.
There are a few ways to wire that up. Direct API calls work if your skill includes a script that hits an endpoint. Some plugins bundle custom tool integrations that call APIs directly. But the approach gaining the most traction is MCP (Model Context Protocol), an open standard for connecting AI tools to external services. Every major AI tool supports it now, and MCP servers can be bundled inside plugins so they install automatically.
MCP is not the only option, but it is becoming the default because it is standardized. You write the connection once and it works across providers, rather than building separate integrations for each tool.
Link to The security sideThe security side
Three numbers worth knowing:
- 12-20% of skills on ClawHub (a public marketplace) were found to be malicious
- 1 in 8 enterprise security incidents now involve an AI agent system (CrowdStrike 2025)
- 78% of compromised agents had broader permissions than they needed
The OWASP Foundation published a top 10 for AI agent security. The top threats: goal hijacking, tool misuse, over-permissioned agents, supply chain attacks through malicious plugins, and unexpected code execution.
The practical version: install skills from trusted sources only, keep permissions tight, review skills like you review code, and pin your versions.
Link to Where this is goingWhere this is going
Only 20% of companies have a mature governance model for AI agents. The skills ecosystem went from nothing to hundreds of thousands of indexed skills in under four months. Over 30 products adopted the same format in the same period. 60,000+ GitHub repos use the cross-tool AGENTS.md instruction standard.
The companies that figure out how to create, share, and govern skills are going to move faster than those still asking every person to write their own prompts. The format is markdown. The barrier is low. The hardest part is identifying which workflows are worth standardizing, and the people doing the work already know the answer to that.