Source: Claude Docs Agent Skills Overview 2026 04 17 (Anthropic platform docs — https://platform.claude.com/docs/en/agents-and-tools/agent-skills/overview.md)
The official reference page for Agent Skills — the authoritative doc on skill format, progressive-disclosure architecture, cross-surface support and limitations, and the security model. Complements the engineering blog Building Agents with Skills (narrative / philosophy) with the structural spec (VM environment, 3-level loading, field requirements, beta headers).
Key Takeaways
- Skills are filesystem-based, VM-executed. Claude runs in a virtual machine with filesystem, bash, and code execution. Skills are directories on that VM. Claude accesses them via bash — same way you’d navigate files on your machine.
- Three loading levels (Anthropic’s official numbers — slightly different from the earlier blog’s estimates):
- Level 1 (Metadata) — always loaded, ~100 tokens per Skill (just
name+descriptionfrom YAML) - Level 2 (Instructions) — loaded when Skill triggered, under 5k tokens (SKILL.md body)
- Level 3+ (Resources) — loaded as needed, effectively unlimited (bundled files executed via bash; code and contents don’t enter context)
- Level 1 (Metadata) — always loaded, ~100 tokens per Skill (just
- Scripts are token-free except for output. When Claude runs
validate_form.pyvia bash, the script’s code never loads into context. Only its output (e.g. “Validation passed”) consumes tokens. Makes scripts far more efficient than having Claude generate equivalent code on the fly. - YAML field requirements (formal spec):
name— max 64 chars, lowercase letters/numbers/hyphens only, no XML tags, cannot contain reserved words “anthropic” or “claude”description— non-empty, max 1024 chars, no XML tags
- Pre-built Agent Skills: PowerPoint (
pptx), Excel (xlsx), Word (docx), PDF (pdf). Available on Claude API and claude.ai. - API requires three beta headers to use Skills:
code-execution-2025-08-25skills-2025-10-02files-api-2025-04-14
- NOT ZDR-eligible. Agent Skills is explicitly excluded from Zero Data Retention arrangements. Skill definitions and execution data retained per Anthropic’s standard policy. Contrast with Extended Thinking which is ZDR-eligible.
- Custom Skills do NOT sync across surfaces. Claude.ai upload ≠ API upload ≠ Claude Code filesystem. Must manage separately on each surface where you want a skill available.
- Sharing scope differs by surface:
- Claude.ai — individual user only; no org-wide distribution or centralized admin management
- Claude API — workspace-wide
- Claude Code — personal (
~/.claude/skills/) or project-based (.claude/skills/); can be shared via Claude Code Plugins
- Runtime environment differs by surface:
- Claude.ai — varying network access per user/admin settings
- Claude API — NO network access, NO runtime package install, pre-configured deps only
- Claude Code — full network access (same as any program on user’s machine); global package install discouraged
- Security posture is explicit. Anthropic strongly recommends using Skills only from trusted sources. Malicious skills can direct Claude to misuse tools, leak data, or exfiltrate via external URL dependencies. “Treat like installing software.”
Progressive disclosure — quick reference
| Level | When loaded | Token cost | What |
|---|---|---|---|
| 1 | At startup (always) | ~100 tokens per Skill | name + description YAML |
| 2 | When Skill triggered | < 5k tokens | SKILL.md body |
| 3+ | As referenced | Effectively unlimited | Any bundled files — read via bash, scripts executed with output-only into context |
Minimal skill structure
pdf-skill/
├── SKILL.md # Level 1 metadata + Level 2 body
├── FORMS.md # Level 3, loaded only if form-filling needed
├── REFERENCE.md # Level 3
└── scripts/
└── fill_form.py # Level 3, code never enters context
SKILL.md YAML frontmatter:
---
name: pdf-processing
description: Extract text and tables from PDF files, fill forms, merge documents. Use when working with PDF files or when the user mentions PDFs, forms, or document extraction.
---
# PDF Processing
## Quick start
Use pdfplumber to extract text from PDFs:
...Cross-surface matrix
| Surface | Pre-built Skills | Custom Skills | Sync to other surfaces | Network | Central admin |
|---|---|---|---|---|---|
| Claude.ai | Yes | Yes (user-local, Pro+) | No | Varies by settings | No |
| Claude API | Yes | Yes (workspace-wide) | No | No | Workspace-level |
| Claude Code | No | Yes (filesystem) | No | Full | Via plugins |
API usage pattern
# (Pseudocode; actual usage requires the three beta headers)
response = client.messages.create(
model="claude-sonnet-4-6",
tools=[{"type": "code_execution_20250825"}],
container={"skill_id": "pptx"},
messages=[...]
)Pre-built skill IDs: pptx, xlsx, etc. Custom skills uploaded via /v1/skills are shared workspace-wide.
Security checklist
Before using a third-party skill:
- Read every file in the skill folder — SKILL.md, reference files, scripts, bundled resources
- Look for external URL fetches — dependencies can change and become malicious
- Check what tools the skill expects (file ops, bash, code execution) and match against Claude’s current permissions
- Verify the skill’s stated purpose matches what its scripts actually do
- If you’re uncertain — don’t install. Treat like installing software from an unknown source.
Related
- Building Agents with Skills — the narrative/philosophy companion (tax-professional analogy, 4-layer agent architecture, open-standard commitment)
- Skills + MCP Synergy — how skills and MCP compose (hardware-store analogy)
- Claude Code Skills Ecosystem — ecosystem view (broader discovery/distribution)
- Skills vs MCP vs Plugins — decision guide for picking a layer
- Skill Design Patterns — five authoring patterns
- The Complete Guide to Building Skills for Claude — Anthropic’s long-form authoring guide (PDF-sourced)
- Cowork Plugins — plugins bundle skills (plus connectors, sub-agents, commands) for Cowork
- Plugins and Marketplaces — how skills travel as part of Claude Code plugin bundles
- Extended Thinking — another API feature with contrasting ZDR eligibility
Open Questions
- Token figures reconciliation. Blog post (Building Agents with Skills) cites ~50 / ~500 / 2,000+ tokens for the three levels; official docs here say ~100 / <5k / effectively-unlimited. Are these different skill sizes or a documentation drift?
- Custom skill portability tooling. With no sync across surfaces, is there an Anthropic-provided tool to export-import between Claude.ai, API, and Claude Code? Docs imply manual.
- Non-ZDR scope. What specifically about skills triggers non-ZDR status — is it the code-execution environment, the file-storage of uploaded skills, or something else?
- Admin controls for Claude.ai. The docs explicitly say Claude.ai has no centralized admin management or org-wide distribution. Is that on the roadmap?
- Skill-to-skill invocation. Can one skill call another? Implied in the broader blog but not specified in the overview.
Try It
- Authoring sanity check. Create a minimal skill folder with a compliant SKILL.md YAML (respect the 64-char
namelimit, 1024-chardescriptionlimit, banned reserved words). Drop it in.claude/skills/and run Claude Code. Confirm the name appears in the metadata when Claude lists available skills. - Exercise the three levels. Author a skill with a SKILL.md that references a separate REFERENCE.md. Ask Claude a question that triggers the skill; then one that triggers the skill AND needs REFERENCE. Observe the difference in token usage between the two interactions.
- Test cross-surface non-sync. Author a skill in Claude Code. Verify it does NOT appear in Claude.ai unless separately uploaded. Makes the limitation concrete before shipping anything that depends on it.
- Skill security audit template. For any external skill you’re considering, run through the 5-point security checklist above before installing. Build it into your team’s review process.
- Migrate a runbook into a skill. Pick an internal runbook that currently lives in a Notion page or README. Convert to a skill with a
SKILL.mdand any referenced scripts. This is the “enterprise skill” pattern from Building Agents with Skills.