Skills as Expertise Modules: Building Reusable Solutions That Load On-Demand

What if your AI assistant could load decades of methodology—but only when needed?

Most AI systems dump everything into one massive context. Security frameworks, writing guides, career coaching, legal references—all loaded every session whether you use them or not.

That's wasteful. Context has cost (tokens) and limits (memory).

Intelligence Adjacent solves this with skills—modular expertise that loads on demand. This follows Anthropic's guidance on building effective agents: keep tools focused and load context progressively.

The Problem: Context Bloat

Think of it like packing for a trip. You could bring your entire wardrobe, every book you own, and tools for every possible situation. Or you could pack what you need for this trip.

Most AI frameworks pack everything. Every methodology, every template, every reference—loaded at startup. By the time you add security standards, writing guides, and compliance frameworks, you're consuming thousands of tokens before doing any actual work.

Skills are selective packing. Running a pentest? Load security-testing methodology. Writing a blog post? Load writer skill with brand guidelines. Analyzing a job posting? Load career skill with OSINT research patterns.

Load what you need. Leave the rest.

The Solution: Hierarchical Context Loading

The framework uses three layers:

Layer 1: Navigation (CLAUDE.md)
Under 150 lines. Answers: "Where do I go next?"

Layer 2: Skills (SKILL.md files)
Under 500 lines each. Contains complete methodology for one domain.

Layer 3: Reference (loaded on-demand)
Frameworks, standards, templates. Pulled only when the skill needs them.

User: "Run a pentest"
      ↓
CLAUDE.md (~150 lines)
      "Security work → security agent"
      ↓
agents/security.md (~150 lines)
      "Pentest → security-testing skill"
      ↓
skills/security-testing/SKILL.md (~500 lines)
      Complete methodology, tool catalog, workflows
      ↓
reference/ptes-standard/ (on-demand)
      PTES framework sections as needed

Token savings: 90%+ compared to loading everything at startup.

The Skills

The framework includes specialized skills across multiple domains: security testing and advisory, content creation, personal development, compliance, and support skills that other skills delegate to.

Skills are organized by category—security, compliance, content, advisory, and support—with each skill containing complete methodology for its domain. The framework grows as new skills are added.

For the complete current list of skills with descriptions and commands, see the IA Framework Reference: Skills.

Key examples:

• Security skills handle pentesting, code review, threat intelligence, and vulnerability assessment
• Content skills manage blog writing, documentation, and diagram generation
• Advisory skills cover career development, fitness programming, and research
• Compliance skills address regulatory requirements like ISO 12100 and NIST frameworks
• Support skills provide shared capabilities like OSINT research and QA review

How Skills Work

Every skill follows the same pattern:

1. Decision Tree
The SKILL.md file routes to the right workflow based on what you're doing.

2. Mode Selection
Most skills have multiple modes. Security-testing has Director (autonomous), Mentor (learning), and Demo (testing). Career has Fast (quick analysis) and Deep (comprehensive research).

3. Workflow Execution
The skill follows its methodology—gathering context, executing steps, producing deliverables.

4. Reference Loading
When the skill needs framework details (PTES for pentesting, Diátaxis for docs), it loads just those sections.

5. Output Placement
Results go to standardized locations. Engagement findings to output/engagements/. Blog content to blog/. Reports to structured directories.

Skill Structure

Each skill lives in skills/{name}/ with consistent structure:

skills/security-testing/
├── SKILL.md              # Decision tree, routing (~500 lines)
├── workflows/            # Step-by-step procedures
│   ├── pentest-init.md   # Pentest workflow
│   ├── vuln-scan.md      # Vulnerability scanning
│   └── segmentation.md   # Network segmentation
├── reference/            # Loaded on-demand
│   ├── ptes/             # PTES framework
│   └── owasp/            # OWASP testing guide
├── scripts/              # Executable tools
└── templates/            # Reusable outputs

SKILL.md is the brain—it decides what to do based on your request.

workflows/ contains detailed procedures—loaded when that specific workflow runs.

reference/ holds frameworks and standards—loaded only when needed for that engagement.

Progressive Disclosure in Practice

Here's how a pentest request flows:

You say: "Run a pentest on acme.com"

Layer 1 loads (CLAUDE.md): Routes to security agent.

Layer 2 loads (security agent): Routes to security-testing skill.

Layer 3 loads (SKILL.md): Decision tree selects pentest workflow, asks for mode (Director/Mentor/Demo).

Workflow loads: pentest-init.md provides the step-by-step procedure.

Reference loads: PTES sections relevant to web application testing.

Total context: ~1,200 lines instead of 10,000+.

The framework loaded exactly what was needed—nothing more.

Support Skills: Delegation Pattern

Some skills exist solely to support other skills:

osint-research: Dual-source research using Claude WebSearch and Grok. When career skill needs company intelligence, it delegates to osint-research. When security-testing needs threat landscape, same delegation.

qa-review: Dual-model peer review using Haiku (structured analysis) and Grok (adversarial perspective). When writer finishes a draft, it delegates to qa-review. Rating must hit 5/5 before publishing.

create-skill: Meta-skill with templates for creating new skills, agents, commands, hooks. When you need to extend the framework, create-skill provides the scaffolding.

This delegation pattern means methodologies are defined once and reused everywhere.

Adding New Skills

The framework is extensible. Use the /create-skill command for guided scaffolding:

/create-skill
# Prompts for: name, description, modes, agent
# Creates: SKILL.md with YAML frontmatter, workflow placeholders

Or manually:

1. Copy template from library/templates/SKILL-TEMPLATE.md
2. Fill YAML frontmatter (name, description, agent)
3. Write decision tree (mode detection, workflow routing)
4. Create workflows in workflows/ directory
5. Add reference materials to reference/ if needed
6. Test invocation through the appropriate agent

The framework discovers new skills automatically through YAML manifest parsing. No central registry to update.

The Philosophy

Skills embody the Intelligence Adjacent principle: solve once, reuse forever.

When you solve a problem thoroughly—pentesting methodology, blog writing workflow, job analysis process—you capture it as a skill. That skill becomes reusable infrastructure.

Each new skill added is a permanent solution to a category of problems. You never solve that problem from scratch again.

What you do: Provide the request ("pentest this app", "write about X", "analyze this job").

What the framework does: Routes to the right skill, loads the right methodology, executes the workflow, produces professional deliverables.

You focus on decisions. The framework handles execution.

Related Posts

• IA Framework Architecture - How skills fit the larger system
• Slash Commands Deep Dive - Commands that invoke skills
• Agent Architecture - How agents route to skills
• VPS Server Tools - Tools that skills use

Sources

Framework & Architecture

• IA Framework Repository - Full source code and skill implementations
• Building Effective Agents - Anthropic - Progressive disclosure patterns
• Claude Code Skills - Official skill system documentation

Methodologies Referenced

• PTES - Penetration Testing Execution Standard - Security methodology
• OWASP Testing Guide - Web application security
• NIST Cybersecurity Framework - Risk assessment standards
• Diátaxis Documentation Framework - Technical writing structure
• CIS Benchmarks - System hardening standards