GitHub CLI Adds 'gh skill' Command, Turning Anthropic's Agent Skills Standard Into a Package Manager for AI Coding Agents
The new public-preview command installs, pins, updates, and publishes portable skills for Copilot, Claude Code, Cursor, Codex, Gemini CLI, and Antigravity — with git-backed provenance and an explicit prompt-injection warning.
Overview
GitHub on April 16 added a gh skill command to its command-line interface, letting developers install, pin, update, and publish AI agent skills from any GitHub repository. The feature, announced on the GitHub changelog, requires GitHub CLI v2.90.0 or later and is launching in public preview.
The command targets a fragmented ecosystem. According to the GitHub changelog, gh skill supports six agent hosts out of the gate: GitHub Copilot, Claude Code, Cursor, Codex, Gemini CLI, and Antigravity. The same changelog entry lists five top-level subcommands — install, search, preview, update, and publish — along with flags for version pinning (--pin), agent targeting (--agent), and installation scope (--scope).
What Are Agent Skills
Agent Skills are an open specification for packaging instructions, scripts, and resources that AI coding agents can load on demand. Anthropic introduced the format for Claude in October 2025 and then released it as an open standard in December, publishing a specification and reference SDK at agentskills.io. A skill is a directory containing at minimum a SKILL.md file with YAML frontmatter and Markdown instructions; optional subdirectories hold scripts, references, and assets.
The design relies on progressive disclosure. As Anthropic’s engineering team describes it, agents read only the skill’s name and short description to decide whether it applies, loading full instructions and attached files only when a task triggers the skill. That keeps context windows lean even when an organization installs dozens or hundreds of skills.
Adoption has spread beyond Claude. Per InfoQ’s January 2026 reporting on Claude Cowork, Microsoft has integrated Skills support into VS Code and GitHub Copilot, OpenAI adopted the format for Codex CLI in December 2025, and Cursor, Goose, Amp, OpenCode, and Letta have all implemented compatible skill loading. That cross-ecosystem reach is what makes gh skill possible: a single command can target whichever agent host a developer is actually using.
What gh skill Does
According to the GitHub changelog, installation follows the pattern gh skill install OWNER/REPOSITORY SKILL, with optional @tag or @commitSHA suffixes to lock to a specific version. The --agent flag targets a particular host (for example, --agent claude-code), while --scope user controls where the skill is written.
The more novel piece is provenance. The GitHub changelog explains that when gh skill installs a skill, it writes tracking metadata — the source repository, the git ref, and the tree SHA — directly into the SKILL.md frontmatter. Running gh skill update then compares local tree SHAs against the remote to detect real content changes, skipping anything the user has pinned. GitHub frames the result as bringing “the same guarantees you expect from package managers to the skills ecosystem.”
A companion gh skill publish command lets skill authors ship releases through GitHub, leaning on immutable git tags as the distribution substrate rather than a separate registry.
Security Caveats
GitHub is explicit that skills are not reviewed or verified on the way in. The changelog warns that skills “may contain prompt injections, hidden instructions, or malicious scripts” and instructs users to inspect any skill before installation with gh skill preview. That warning reflects a real risk: a skill is, by design, a block of instructions the agent will follow, which means a malicious SKILL.md is a prompt-injection payload wrapped in a package.
The decision to rely on existing git primitives — signed tags, tree SHAs, repository visibility — rather than a curated registry is deliberate. It avoids GitHub having to act as an editorial gatekeeper for AI behavior, but it also pushes verification onto the developer installing the skill.
Why It Matters
Skills have so far lived inside individual agent products. Claude Code has its own skill directory; Cursor and Codex have their own mechanisms for loading the same files. gh skill is the first distribution tool that treats skills the way npm, pip, or Homebrew treat libraries — as versioned, pinnable, auditable artifacts that move between environments.
That matters for teams standardizing on multiple AI coding tools. A code-review skill authored once can now be installed against Copilot in one repository and Claude Code in another with a single command, pinned to the same commit, and updated in lockstep when the upstream maintainer ships a new version.
It also strengthens the case that Agent Skills are becoming a cross-vendor substrate rather than a Claude-only convention. VentureBeat’s coverage of the December 2025 standards release framed the move as Anthropic challenging OpenAI in enterprise workflow AI, with partner skills from Atlassian, Figma, Canva, Stripe, Notion, and Zapier in the initial directory. GitHub’s CLI integration is the clearest sign yet that the format has cleared the bar to become infrastructure that sits below the individual agent-product layer.
What We Don’t Know
GitHub has not said when gh skill will exit public preview, whether enterprise administrators will eventually be able to gate which repositories are permitted as skill sources, or whether a verified-publisher layer will emerge on top of the current “inspect before you install” model. The changelog explicitly notes the feature “is subject to change without notice.” How the broader ecosystem responds to the prompt-injection surface area that a package-manager workflow opens up is likely to shape the next iteration of the specification.