Skills (Glossary): What They Are in Tool-Enabled Agents
Skills
Definition: Skills are callable integrations or capability modules that extend what an agent can do beyond text.
Why It Matters
Skills are both the utility multiplier and the risk multiplier. The more access they have, the larger the blast radius.
Think of it this way:
- Without skills: An agent can only generate text
- With skills: An agent can send emails, access files, make API calls, browse the web
Common Skill Types
| Skill Type | Examples | Risk Level |
|---|---|---|
| Read-only | Browsing, searching, reading docs | Low |
| Communication | Sending emails, posting messages | Medium-High |
| File operations | Creating, editing, deleting files | Medium-High |
| Code execution | Running scripts, processing data | High |
| Account access | Managing settings, credentials | Very High |
The Risk Equation
Risk = (Skill Power) × (Permission Scope) × (Attack Surface)
Each skill you add multiplies potential risk. That's why least privilege matters.
Safe Default
- Least privilege: only grant what's needed
- Sandbox first: test with dummy data
- Approvals for irreversible actions: human confirms before delete/send/pay
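The three defaults above can be enforced in one place, in front of every skill call. The sketch below is an added example, not code from any agent framework; `Skill`, `Gate`, `deny_all` and the scope strings such as `mail:send` are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Actions the page lists as needing human confirmation: delete / send / pay.
IRREVERSIBLE = {"delete", "send", "pay"}

@dataclass(frozen=True)
class Skill:
    name: str    # hypothetical skill identifier
    action: str  # what it does: "read", "send", "delete", ...
    scope: str   # permission it needs, e.g. "mail:send" (constructed)

def deny_all(skill: Skill, args: dict) -> bool:
    """Default approver: nobody confirmed, so irreversible calls fail closed."""
    return False

@dataclass
class Gate:
    granted: set                      # least privilege: explicit grants only
    sandbox: bool = True              # sandbox first: dry-run unless turned off
    approver: Callable[[Skill, dict], bool] = deny_all
    audit: list = field(default_factory=list)

    def decide(self, skill: Skill, args: dict) -> str:
        if skill.scope not in self.granted:
            return "denied:scope-not-granted"
        if self.sandbox:
            return "sandboxed"
        if skill.action in IRREVERSIBLE and not self.approver(skill, args):
            return "denied:approval-required"
        return "allow"

    def call(self, skill: Skill, args: dict, run: Callable[[dict], object]):
        decision = self.decide(skill, args)
        self.audit.append((skill.name, decision))  # record every attempt
        if decision == "allow":
            return run(args)
        if decision == "sandboxed":
            return {"dry_run": True, "skill": skill.name, "args": args}
        raise PermissionError(f"{skill.name}: {decision}")

if __name__ == "__main__":
    send = Skill("send_email", "send", "mail:send")  # constructed sample skill
    gate = Gate(granted={"mail:send"})
    print(gate.call(send, {"to": "test@example.invalid"}, lambda a: "sent"))
    print(gate.audit)
```

The audit list records denied and sandboxed attempts as well as allowed ones, which gives a reviewer a trail of what the agent tried to do.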