“Skills Are All You Need”
Why the unit of scale for enterprise AI isn’t only the agent

The pattern is familiar. A team builds an agent to automate triage. Another builds one to coordinate patches. A third builds one for incident reporting. Six months later, the organisation has a dozen agents, each carrying its own connectors to the same CMDB, its own approval logic, its own interpretation of what “policy compliant” means. The integration work has been done three times. The governance work has been done nowhere.

This is the agentic scaling problem, and it arrives faster than most organisations expect.

The instinct is to treat it as a coordination problem: better documentation, a shared tool library, maybe a platform team. Those help at the margins. They don’t fix the underlying architectural mistake, which is that the agent has been made the only unit of delivery. Everything that capability requires – connectors, rules, evidence, cost – lives inside it.

The fix is to change the unit. Not the agent, but the skill.

What a skill actually is

A skill is a callable enterprise capability with a stable contract. It defines its inputs, outputs, error codes, policy requirements, and telemetry expectations. It may wrap an API, a workflow, a model endpoint, or a data pipeline. Whatever it wraps, its external behaviour is bounded and testable, and every invocation leaves an audit trail.

The distinction that matters is governance. A tool is a thin wrapper over an API, useful in a prototype, but without the contract, versioning, ownership, or lifecycle management that production operations demand. A skill promotes that wrapper to a managed capability with a cost envelope and a defined retirement path.

The distinction from an agent is scope. Agents interpret intent, plan multi-step work, handle dialogue, manage exceptions. Skills execute bounded operations where determinism, auditability, and cost predictability are what the organisation actually needs. The architectural move is to separate reasoning from execution.

If a capability can be executed deterministically, execute it as a skill. Reserve open-ended reasoning for work where deterministic execution isn’t available or isn’t economical.

Why the economics matter

Token spend is the wrong accounting unit for enterprise AI. An agent that reasons in open-ended loops produces costs that vary by an order of magnitude depending on the model’s path through a problem. That volatility makes managed services packaging nearly impossible and portfolio investment decisions harder still.

Skills change the accounting. Each invocation is metered at the boundary: compute time, backend calls, model tokens if used internally, cache hits, evidence storage. The skill manifest declares a cost envelope; expected p50, p95, and maximum cost per invocation. If a bounded cost can’t be declared, the capability stays experimental.

That’s a filter, not a restriction. A capability without a bounded cost envelope isn’t production-ready regardless of what it does. The skill contract forces that discipline earlier than it would otherwise arrive.

Security as a side effect of architecture

The most discussed risk in agentic systems is prompt injection. A skill-centric design mitigates it structurally: privileged actions sit behind a gateway that enforces authorisation independently of what the agent requests. Even if a malicious instruction manipulates the agent’s reasoning, the gateway evaluates the requested skill, scope, and parameters against policy. The agent’s conclusion is irrelevant to whether the action is permitted.

Lateral movement gets less attention and is equally serious. A compromised agent that can invoke any skill in the catalogue becomes a pivot point across the entire enterprise. Graph-aware guardrails restrict which skills any given agent is permitted to chain, containing blast radius before an incident rather than after.

Supply-chain risk is the third category. When skills are shared across teams or published to a marketplace, they’re software supply-chain artefacts: signed, carrying provenance metadata, and passing through certification tiers before reaching production.

MCP and the control plane

MCP and function calling are the transport surfaces through which agents invoke skills. They work with the skills architecture, not against it.

The skill platform sits behind both. It provides the manifest (the platform contract covering ownership, policy, lifecycle, and cost), the gateway (authentication, authorisation, quotas, and audit), and the runtime (where execution happens). Skills are exposed through MCP by default so any compatible agent runtime can discover and invoke them. The MCP tool schema is derived from the skill manifest directly, which prevents drift between what the platform governs and what the agent sees.

MCP is the interoperability layer. The skill gateway is the control plane. The manifest is the single source of truth.

What the portfolio produces

Each skill built once can serve every agent, workflow, and application that subsequently needs it. The marginal cost of the next agent that reuses an existing skill is substantially lower than the cost of an agent that had to build its own connectors.

Models will change. Agent frameworks will change. A well-governed capability catalogue outlasts both.

The vulnerability remediation case in the full whitepaper makes this concrete: a three-agent architecture with nine separately maintained connectors, redesigned around six certified skills, produces consistent approval enforcement, automatic audit assembly, and roughly 40% lower p95 cost per case. The numbers are illustrative; the structural direction isn’t.

Where to start

Most organisations can reach gateway enforcement – the second maturity level in the five-stage model – within 90 days. The practical sequence: inventory duplicated tools across existing agent implementations, define a minimal manifest schema and gateway policy templates, stand up registry and telemetry infrastructure, then migrate the five to ten highest-reuse capabilities into certified skills while retiring the duplicates.

The test for production readiness is whether you can state a bounded cost envelope and a rollback path. If you can’t, it stays experimental.

The full whitepaper, Skills Are All You Need: A capability-first architecture for enterprise agent ecosystems, is available from the HDS Centre for Architecture and AI.