GitHub CLI Ships 'gh skill' — A Package Manager for AI Agent Instructions (April 2026)
GitHub on April 16, 2026 added a new 'gh skill' command group to its CLI, bringing package-manager-style install, update, and publish workflows to the portable agent skills that run inside Copilot, Claude Code, Cursor, Codex, Gemini CLI and Antigravity. The feature shipped in public preview as part of GitHub CLI v2.90.0.
GitHub on shipped gh skill, a new command group inside the GitHub CLI that treats portable AI agent instructions like packages — complete with search, install, pinning, preview and publish workflows. The feature landed in public preview as part of GitHub CLI v2.90.0 and works across six agent hosts on day one: GitHub Copilot, Claude Code, Cursor, Codex, Gemini CLI, and Google Antigravity.
What Happened
In a changelog post, GitHub framed agent skills as “portable sets of instructions, scripts, and resources that teach AI coding agents how to perform specific tasks.” Until now, each agent host had its own bespoke mechanism for loading those instructions. The new gh skill command group normalizes all of that on top of an open Agent Skills specification and uses plain GitHub repositories as the distribution layer. A developer can now run gh skill install github/awesome-copilot [email protected] and the same skill file will activate inside Claude Code, Cursor, or Copilot, depending on which host is running.
Version 2.90.0 also bundled two smaller quality-of-life changes: official extension suggestions (so typing gh stack offers to install the extension instead of returning a generic error), and authentication-free extension installs for public releases.
gh skill command group in GitHub CLI v2.90.0.Key Details
- Six core commands:
gh skill search,gh skill preview,gh skill install,gh skill update(with--all),gh skill publish(with--dry-run), andgh skill list. - Version pinning: installs accept either a git tag (
@v1.2.0) or a commit SHA, giving skills the same reproducibility guarantees developers already expect from npm or pip. - Supply-chain primitives: GitHub’s existing repository features — tag protection rules, secret scanning, code scanning, and immutable releases — are inherited by published skills. Every release is tied to a git tag, and
gh skill publishoffers to turn on immutable releases so the content can’t be altered after publication. - Content-addressed change detection: the CLI hashes each skill’s git tree SHA so
gh skill updatecan tell the difference between a genuine new version and a silently republished tag. - Cross-host portability: skills carry portable provenance metadata in their file frontmatter so the same
SKILL.mdworks inside Copilot, Claude Code, Cursor, Codex, Gemini CLI, and Antigravity without per-host rewriting.
What Developers Are Saying
The reaction on Hacker News and r/programming is divided. Supporters call gh skill the first serious attempt to unify what has so far been a chaotic ecosystem of hand-rolled prompt files, .cursor/ folders, and bespoke CLAUDE.md conventions. Several commenters compared it directly to npm for the agent-instructions era.
Security-minded developers are less impressed. GitHub’s own documentation warns that “skills are not verified by GitHub and may contain prompt injections, hidden instructions, or malicious scripts” — language that immediately drew comparisons to recent disclosures in which PR titles and issue comments were weaponized to exfiltrate credentials through Claude Code, Gemini CLI, and GitHub Copilot Agent. Anthropic recently rated one such prompt-injection path a CVSS 9.4 Critical. The gh skill preview command — which dumps a skill’s contents to stdout before installation — is GitHub’s recommended mitigation, but critics point out that few developers will actually read every line of an installed skill, the same way they don’t audit every transitive npm dependency.
What This Means for Developers
If you are already writing agent prompts in a .cursor/rules folder, a private CLAUDE.md, or a Copilot custom instructions file, gh skill gives you a path to share and version those files without inventing a distribution system. For teams, pinning a skill to a commit SHA produces a reproducible agent setup in a way that has not existed before — a skill update can no longer silently change your agent’s behavior between sprints.
The flip side is real. Every skill you install is, effectively, unreviewed code that an AI agent will execute on your behalf, with access to your repository context and, potentially, your credentials. Teams adopting gh skill should run gh skill preview in CI before pinning new versions, prefer skills from organizations they already trust, and pin every install to a commit SHA rather than a mutable tag until GitHub adds first-party verification.
What's Next
GitHub has flagged gh skill as public preview and explicitly “subject to change without notice.” The company is iterating on the open Agent Skills specification in the github/awesome-copilot repository, which is already home to the reference skill catalog. A skills registry at agentskills.so has emerged in parallel, already listing 40,000+ community-contributed skills synced to Cursor, Claude Code, Copilot, OpenAI Codex, and Antigravity.
Sources
- GitHub Changelog — Manage agent skills with GitHub CLI — the official announcement.
- GitHub CLI v2.90.0 release notes — the shipping release with full command list.
- gh skill manual — reference documentation.
- GitHub Docs — Adding agent skills for GitHub Copilot CLI.
- Aonan Guan — prompt injection credential theft research — security context for the warnings in the CLI docs.
- agentskills.so — community skill registry that sits on top of the new protocol.
Stay up to date with Doolpa
Subscribe to Newsletter →