Skills as Expertise Modules: Building Reusable Solutions That Load On-Demand
Specialized skills with progressive context loading. Load only what you need, when you need it.
What if your AI assistant could load decades of methodology—but only when needed?
Most AI systems dump everything into one massive context. Security frameworks, writing guides, career coaching, legal references—all loaded every session whether you use them or not.
That's wasteful. Context has cost (tokens) and limits (memory).
Intelligence Adjacent solves this with skills—modular expertise that loads on demand. This follows Anthropic's guidance on building effective agents: keep tools focused and load context progressively.
The Problem: Context Bloat
Think of it like packing for a trip. You could bring your entire wardrobe, every book you own, and tools for every possible situation. Or you could pack what you need for this trip.
Most AI frameworks pack everything. Every methodology, every template, every reference—loaded at startup. By the time you add security standards, writing guides, and compliance frameworks, you're consuming thousands of tokens before doing any actual work.
Skills are selective packing. Running a pentest? Load security-testing methodology. Writing a blog post? Load writer skill with brand guidelines. Analyzing a job posting? Load career skill with OSINT research patterns.
Load what you need. Leave the rest.
The Solution: Hierarchical Context Loading
The framework uses three layers:
Layer 1: Navigation (CLAUDE.md)
Under 150 lines. Answers: "Where do I go next?"
Layer 2: Skills (SKILL.md files)
Under 500 lines each. Contains complete methodology for one domain.
Layer 3: Reference (loaded on-demand)
Frameworks, standards, templates. Pulled only when the skill needs them.
Agent Routing Flow
┌─────────────────────────────────────────────────────────────────────┐
│ How Base Claude Routes to Skills via Agents │
│ │
│ USER REQUEST: "Run a pentest on acme.com" │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Base Claude (Orchestrator) │ │
│ │ • Analyzes request domain │ │
│ │ • Identifies: Security testing work │ │
│ │ • Decision: Delegate to security agent │ │
│ └──────────────────┬───────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Task(subagent_type="security", prompt="Run pentest │ │
│ │ on acme.com") │ │
│ └──────────────────┬───────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Security Agent Loads Context │ │
│ │ 1. Read CLAUDE.md (navigation, ~150 lines) │ │
│ │ 2. Read agents/security.md (agent identity) │ │
│ │ 3. Detect skill: security-testing │ │
│ │ 4. Read skills/security-testing/SKILL.md (~500) │ │
│ └──────────────────┬───────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Skill Execution (security-testing/SKILL.md) │ │
│ │ • Decision tree: Pentest workflow │ │
│ │ • Mode selection: Director/Mentor/Demo │ │
│ │ • Load workflow: pentest-init.md │ │
│ │ • Load reference: PTES sections (on-demand) │ │
│ └──────────────────┬───────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Workflow Phases (Progressive Loading) │ │
│ │ • EXPLORE: Load reconnaissance tools │ │
│ │ • PLAN: Load test case templates │ │
│ │ • CODE: Load exploitation tools │ │
│ │ • QA: Load reporting standards │ │
│ │ • COMMIT: Document engagement │ │
│ └──────────────────┬───────────────────────────────────┘ │
│ │ │
│ ▼ │
│ DELIVERABLE: Professional pentest report in │
│ output/engagements/pentest/acme-2026/ │
│ │
│ Total context loaded: ~650 lines (CLAUDE + agent + skill) │
│ Reference loaded: Only sections needed per phase │
│ Token savings: 90%+ vs loading all frameworks upfront │
└─────────────────────────────────────────────────────────────────────┘
Token savings: 90%+ compared to loading everything at startup.
The Skills
The framework includes specialized skills across multiple domains: security testing and advisory, content creation, personal development, compliance, and support skills that other skills delegate to.
Skills are organized by category—security, compliance, content, advisory, and support—with each skill containing complete methodology for its domain. The framework grows as new skills are added.
For the complete current list of skills with descriptions and commands, see the IA Framework Reference: Skills.
Key examples:
- Security skills handle pentesting, code review, threat intelligence, and vulnerability assessment
- Content skills manage blog writing, documentation, and diagram generation
- Advisory skills cover career development, fitness programming, and research
- Compliance skills address regulatory requirements like ISO 12100 and NIST frameworks
- Support skills provide shared capabilities like OSINT research and QA review
How Skills Work
Every skill follows the same pattern:
1. Decision Tree
The SKILL.md file routes to the right workflow based on what you're doing.
2. Mode Selection
Most skills have multiple modes. Security-testing has Director (autonomous), Mentor (learning), and Demo (testing). Career has Fast (quick analysis) and Deep (comprehensive research).
3. Workflow Execution
The skill follows its methodology—gathering context, executing steps, producing deliverables.
4. Reference Loading
When the skill needs framework details (PTES for pentesting, Diátaxis for docs), it loads just those sections.
5. Output Placement
Results go to standardized locations. Engagement findings to output/engagements/. Blog content to blog/. Reports to structured directories.
Skills System Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ IA Framework Skills Architecture │
│ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Base Claude (CLAUDE.md) │ │
│ │ • System navigation (<250 lines) │ │
│ │ • Agent registry │ │
│ │ • Skill discovery │ │
│ │ • Global preferences │ │
│ └───────────────┬───────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Specialized Agents (agents/*.md) │ │
│ │ ├─ security.md (Security testing & advisory) │ │
│ │ ├─ writer.md (Content creation) │ │
│ │ ├─ advisor.md (Personal development, research, QA) │ │
│ │ ├─ engineer.md (Infrastructure implementation) │ │
│ │ └─ legal.md (Legal compliance with citations) │ │
│ └───────────────┬───────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Skills (skills/*/SKILL.md - <500 lines each) │ │
│ │ │ │
│ │ Security Skills: │ │
│ │ ├─ security-testing/ (Pentest, vuln scan, segmentation) │ │
│ │ ├─ code-review/ (Vulnerability analysis) │ │
│ │ └─ arch-review/ (Architecture security) │ │
│ │ │ │
│ │ Content Skills: │ │
│ │ ├─ write/ (Generic content creation) │ │
│ │ ├─ ghost/ (Blog publishing to Ghost CMS) │ │
│ │ └─ newsletter/ (Weekly digest generation) │ │
│ │ │ │
│ │ Advisory Skills: │ │
│ │ ├─ career/ (Job analysis, coaching) │ │
│ │ ├─ clifton/ (CliftonStrengths analysis) │ │
│ │ └─ training/ (Fitness programming) │ │
│ │ │ │
│ │ Compliance Skills: │ │
│ │ ├─ compliance/ (Framework auto-detection) │ │
│ │ ├─ legal-template/ (Contract generation) │ │
│ │ └─ iso-machinery/ (ISO 12100/13849) │ │
│ └───────────────┬───────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────┐ │
│ │ Skill Components (loaded on-demand) │ │
│ │ ├─ workflows/ (Step-by-step procedures) │ │
│ │ ├─ reference/ (Standards, frameworks) │ │
│ │ ├─ templates/ (Reusable outputs) │ │
│ │ ├─ scripts/ (Executable tools) │ │
│ │ └─ methodologies/ (Complete process docs) │ │
│ └───────────────────────────────────────────────────────────────┘ │
│ │
│ Self-contained: Each skill contains all components needed │
│ Progressive loading: Components loaded only when required │
└─────────────────────────────────────────────────────────────────────┘
Skill Structure
Each skill lives in skills/{name}/ with consistent structure:
skills/security-testing/
├── SKILL.md # Decision tree, routing (~500 lines)
├── workflows/ # Step-by-step procedures
│ ├── pentest-init.md # Pentest workflow
│ ├── vuln-scan.md # Vulnerability scanning
│ └── segmentation.md # Network segmentation
├── reference/ # Loaded on-demand
│ ├── ptes/ # PTES framework
│ └── owasp/ # OWASP testing guide
├── scripts/ # Executable tools
└── templates/ # Reusable outputs
SKILL.md is the brain—it decides what to do based on your request.
workflows/ contains detailed procedures—loaded when that specific workflow runs.
reference/ holds frameworks and standards—loaded only when needed for that engagement.
Progressive Disclosure in Practice
Here's how a pentest request flows:
You say: "Run a pentest on acme.com"
Layer 1 loads (CLAUDE.md): Routes to security agent.
Layer 2 loads (security agent): Routes to security-testing skill.
Layer 3 loads (SKILL.md): Decision tree selects pentest workflow, asks for mode (Director/Mentor/Demo).
Workflow loads: pentest-init.md provides the step-by-step procedure.
Reference loads: PTES sections relevant to web application testing.
Total context: ~1,200 lines instead of 10,000+.
The framework loaded exactly what was needed—nothing more.
Context Hierarchy Visualization
┌─────────────────────────────────────────────────────────────────────┐
│ Three-Layer Context Loading Architecture │
│ │
│ Layer 1: CLAUDE.md (Navigation - <250 lines) │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ • System architecture overview │ │
│ │ • Agent registry (pointers to agents/) │ │
│ │ • Skill directory (pointers to skills/) │ │
│ │ • Global stack preferences (Python, Bash, Bun) │ │
│ │ • High-level routing rules │ │
│ │ │ │
│ │ FORBIDDEN: Agent workflows, skill methodologies, detailed │ │
│ │ tool lists, templates │ │
│ └──────────────────┬───────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ Layer 2: skills/*/SKILL.md (Skill Context - <500 lines each) │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ • Quick start overview │ │
│ │ • Critical rules (3-5 non-negotiable requirements) │ │
│ │ • Workflows and methodologies (navigation layer) │ │
│ │ • Tool lists (framework + skill-specific) │ │
│ │ • Default configurations │ │
│ │ • Template references (pointers, not full content) │ │
│ │ • Output directory mappings │ │
│ │ • Reporting standards │ │
│ │ │ │
│ │ Progressive loading: SKILL.md acts as navigation, │ │
│ │ detailed content extracted to subdirectories │ │
│ └──────────────────┬───────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ Layer 3: On-Demand Reference (loaded per phase) │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ methodologies/ → Complete process documentation │ │
│ │ ├─ PTES phases (pre-engagement → reporting) │ │
│ │ ├─ OWASP testing guide sections │ │
│ │ └─ Diátaxis framework (for technical writing) │ │
│ │ │ │
│ │ reference/ → Standards, frameworks, mappings │ │
│ │ ├─ CIS Benchmarks (system hardening) │ │
│ │ ├─ NIST CSF (cybersecurity framework) │ │
│ │ └─ ISO standards (compliance requirements) │ │
│ │ │ │
│ │ workflows/ → Step-by-step procedures │ │
│ │ ├─ pentest-init.md (pentest workflow) │ │
│ │ ├─ blog-workflow.md (content creation) │ │
│ │ └─ career-analysis.md (job evaluation) │ │
│ │ │ │
│ │ templates/ → Reusable output formats │ │
│ │ ├─ pentest-report-template.md │ │
│ │ ├─ blog-post-template.md │ │
│ │ └─ compliance-assessment-template.md │ │
│ └──────────────────────────────────────────────────────────────┘ │
│ │
│ Loading Strategy: │
│ • Always load: Layer 1 (CLAUDE.md) │
│ • On agent invocation: Layer 2 (relevant SKILL.md) │
│ • On phase execution: Layer 3 (specific references needed) │
│ │
│ Result: Load only what you need, when you need it │
└─────────────────────────────────────────────────────────────────────┘
Self-Contained Skills: Architectural Evolution
The framework originally used separate "support skills" for shared capabilities like OSINT research and QA review. Skills would delegate to these centralized services when needed—security skill calls osint-research, writer skill calls qa-review.
This created cross-dependencies that violated the self-contained principle.
The redesign: Common capabilities now live inside the skills that use them. Security skill has its own OSINT templates and scripts. Writer skill has its own QA criteria and review phases. Each skill remains fully self-contained with no external dependencies.
Why this matters:
- Skills can be moved, copied, or modified independently
- No shared state to manage or coordinate
- Each skill controls its own methodology end-to-end
- Simpler mental model—everything for pentesting lives in security/, everything for writing lives in write/
The exception: create-skill remains standalone because it's a meta-skill for extending the framework itself—templates for creating new skills, agents, commands, and hooks.
Adding New Skills
The framework is extensible. Use the /create-skill command for guided scaffolding:
/create-skill
# Prompts for: name, description, modes, agent
# Creates: SKILL.md with YAML frontmatter, workflow placeholders
Or manually:
- Copy template from
library/templates/SKILL-TEMPLATE.md - Fill YAML frontmatter (name, description, agent)
- Write decision tree (mode detection, workflow routing)
- Create workflows in
workflows/directory - Add reference materials to
reference/if needed - Test invocation through the appropriate agent
The framework discovers new skills automatically through YAML manifest parsing. No central registry to update.
The Philosophy
Skills embody the Intelligence Adjacent principle: solve once, reuse forever.
When you solve a problem thoroughly—pentesting methodology, blog writing workflow, job analysis process—you capture it as a skill. That skill becomes reusable infrastructure.
Each new skill added is a permanent solution to a category of problems. You never solve that problem from scratch again.
What you do: Provide the request ("pentest this app", "write about X", "analyze this job").
What the framework does: Routes to the right skill, loads the right methodology, executes the workflow, produces professional deliverables.
You focus on decisions. The framework handles execution.
Related Posts
- IA Framework Architecture - How skills fit the larger system
- Slash Commands Deep Dive - Commands that invoke skills
- Agent Architecture - How agents route to skills
- VPS Server Tools - Tools that skills use
Sources
Framework & Architecture
- IA Framework Repository - Full source code and skill implementations
- Building Effective Agents - Anthropic - Progressive disclosure patterns
- Claude Code Skills - Official skill system documentation
Methodologies Referenced
- PTES - Penetration Testing Execution Standard - Security methodology
- OWASP Testing Guide - Web application security
- NIST Cybersecurity Framework - Risk assessment standards
- Diátaxis Documentation Framework - Technical writing structure
- CIS Benchmarks - System hardening standards
Get the Full Framework
Create a free account to access all framework documentation and implementation guides.
