Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This author does not realize that skills can call APIs. The idea that you have to build dedicated CLI apps is not true at all and invalidates the entire article.


No, the point was that you don’t have access to a CLI in every environment.


You could have access to a web browser or web request tool instead.


There is no world in which an enterprise is not OK with an agent having access to a CLI but is OK with possibly getting prompt injected from a random web search.


He did. That's what the "you aren’t forcing the user to manage raw tokens and secrets in plain text." bit comes in.


Can you clarify what exactly you mean? Skills are markdown files, so they definitely can't call APIs or CLIs. Are you saying that a skill can tell the agent to use curl to call web APIs? Or something different?


Technically they can at least how I'm using or abusing them - I ride windows so they have a generic powershell script bolted on to handle special API use through the skill to make it easier for the agent to call data up noted in the skill. does it lack full API details? absolutely. I have also a learning skill where if it has to go for a think / fail / try to figure something new out to grow a new skill or update an existing one.

skills to me suck when they are shared with a team - haven't found the secret sauce here to keep these organic skills synced between everyone


Skills can bundle scripts. Skills can express how to use curl. Skills can integrate with your fips keys if you want them to.


https://agentskills.io/specification

* references/ Contains additional documentation that agents can read when needed

* scripts/ Contains executable code that agents can run.

* assets/ Contains static resources


They almost certainly mean skills can tell the agent to use the api, and it can succeed at doing that.


And call MCPs as well




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: