Skills
Agent SkillsSKILL.md file with YAML frontmatter (name, description) and markdown instructions, plus optional scripts/, references/, and assets/ directories.
Skills use progressive disclosure: metadata is injected into the system prompt upfront (~100 tokens), and full instructions are loaded on demand via a tool call. This avoids flooding the context window with instructions the agent may not need.
The harness supports four skill sources:
| Source | Description | When to use |
|---|---|---|
|
AWS Skills |
Pre-built skills for AWS services from the AWS Agent Toolkit |
You want ready-made AWS expertise with zero setup. |
|
Git (HTTPS) |
Clone a skill from any public or private Git repository. Supports subdirectories. |
You want to reference skills from GitHub, GitLab, or any git host without uploading to S3. |
|
Amazon S3 |
Fetch a skill from a customer-owned S3 bucket using the execution role. |
You want full control over versioning, encryption, and access governance. |
|
Path (filesystem) |
Reference a skill already present on the harness filesystem (baked into the container image or installed via |
The skill is part of your container image or was installed at session start. |
Skills are fetched once per session on the first invocation. Within a session, skills persist on disk across multiple invocations. When the VM expires and a new session starts, skills are re-fetched to guarantee freshness.
You can set skills as a default on the harness (via CreateHarness or UpdateHarness), or override per invocation. Invoke-time skills are appended after create-time skills; if both define a skill with the same name, the invoke-time version wins.
AWS Skills
AWS skills are pre-built skills that enable your agents to interact with AWS services. They are organized hierarchically and selected via glob patterns. View their source on GitHub
| Category | Pattern | Typical skills |
|---|---|---|
|
Core skills |
|
EC2, S3, Lambda, DynamoDB, CloudWatch, IAM operations. |
|
Analytics skills |
|
Athena, Glue, QuickSight, data lake operations. |
|
Operations skills |
|
Troubleshooting, diagnostics, log analysis. |
|
Storage skills |
|
S3, EFS, FSx, Backup operations. |
Enable all AWS skills
Example
Enable skills by category
Use glob patterns to enable specific skill categories:
Example
Enable a single specific skill
response = client.invoke_harness( harnessArn=HARNESS_ARN, runtimeSessionId=SESSION_ID, skills=[{"awsSkills": {"paths": ["core-skills/aws-cdk"]}}], messages=[{"role": "user", "content": [{"text": "Create a CDK stack for a Lambda function."}]}], )
Combine multiple patterns
skills=[{"awsSkills": {"paths": ["core-skills/aws-cdk", "core-skills/aws-serverless", "specialized-skills/storage-skills/*"]}}]
Note
-
Paths must be relative (no leading
/or..). Absolute paths and path traversal are rejected. -
If a glob pattern matches no skills, the invocation fails with a descriptive error.
-
Multiple
awsSkillsentries in the same payload are merged.
Git (HTTPS) skills
Clone a skill from any public or private Git repository. Supports subdirectories within monorepos using sparse checkout.
Example
-
url(required) - HTTPS URL of the Git repository. -
path(optional) - subdirectory within the repo containing the skill. If omitted, the repository root is used. -
auth.credentialArn(optional) - ARN of an API key credential provider holding a personal access token for private repos. -
auth.username(optional) - git username, defaults tooauth2.
Git fetch must complete within 60 seconds. If the repository requires internet egress, ensure your VPC has a NAT gateway (same requirement as remote MCP servers and custom container pulls).
Amazon S3 skills
Fetch a skill from a customer-owned S3 bucket. Uses the harness execution role credentials.
Example
-
uri(required) - S3 URI pointing to the skill directory (e.g.,s3://bucket/prefix/). -
The execution role must have
s3:GetObjectands3:ListBucketpermissions on the bucket. See Security and access controls. -
Each S3 skill must be 1 GB or smaller.
-
S3 sources work with S3 VPC endpoints (no NAT gateway required).
Filesystem path skills
Reference a skill already on the harness filesystem - baked into the container image or installed at session start via InvokeAgentRuntimeCommand.
Example
Bake into the container image
Include the skill directory in your custom image:
COPY skills/xlsx .agents/skills/xlsx
Install at session start
Use InvokeAgentRuntimeCommand before the first agent invocation:
agentcore invoke --exec --harness my-agent --session-id "$SESSION" \ "git clone --depth 1 https://github.com/anthropics/skills /tmp/skills && cp -r /tmp/skills/skills/xlsx .agents/skills/xlsx"
Combine multiple skill sources
All four source types can coexist in a single payload:
response = client.invoke_harness( harnessArn=HARNESS_ARN, runtimeSessionId=SESSION_ID, skills=[ {"awsSkills": {"paths": ["core-skills/aws-cdk"]}}, {"git": {"url": "https://github.com/anthropics/skills", "path": "skills/docx"}}, {"s3": {"uri": "s3://my-bucket/skills/company-style/"}}, {"path": ".agents/skills/xlsx"}, ], messages=[{"role": "user", "content": [{"text": "Help me with this project."}]}], )
Error handling
All fetch failures fail the invocation with a descriptive error. Skills are never silently skipped.
| Failure | Error message |
|---|---|
|
S3 access denied |
|
|
S3 object not found |
|
|
Git clone fails (network) |
|
|
Git auth denied |
|
|
Git path not found in repo |
|
|
Git timeout (60s) |
|
|
Skill exceeds 1 GB limit |
|
|
AWS skill path matches nothing |
|
|
Path traversal ( |
|
|
AWS skills bundle missing |
|
Related topics
-
Tools - connect MCP servers, Gateway, Browser, and Code Interpreter
-
Environment and filesystem - custom container images and environment configuration
-
Memory - persist conversations across sessions
-
Security and access controls - execution role policies for skill sources
