MeshFlow
  • Cloud PlatformDeployIntegrationsInit CLIWhy MeshFlow
  • DocsLearn
  • CustomersCertificationBlogChangelogCommunity
  • Pricing
Sign inGet started
Pricing
Sign inGet started
MeshFlow

The production-safe standard for agentic AI.
Apache 2.0 — free forever.

Product
  • Pricing
  • Cloud
  • Compare
  • Init CLI
  • Changelog
Docs
  • Quickstart
  • Core concepts
  • Compliance guide
  • Token optimization
  • API reference
Resources
  • Blog
  • Customers
  • Community
  • PyPI
  • GitHub
Company
  • Discord
  • Twitter
  • Security
  • License
MeshFlow © 2026 · Yaya Systems · Apache 2.0
All systems operational
MeshFlowdocs
Search docs...⌘K
v1.13.0 GitHub Discord
Getting startedQuickstartInstallationCore conceptsHarness architectureSkills vs ToolsSandbox mode
GuidesBuilding agentsMulti-agent workflowsModel RoutersCost AnalyticsCompliance guideToken optimization
Claude & AIAdvisor patternThinking budgetsDynamic workflowsContext compactionTool streaming
Governancemeshflow-forensicZero-Trust PoliciesSOC 2 assertionEU AI ActProduction Readiness
IntegrationsOpenAI Agents SDKLangGraphCrewAIMCP ToolsTypeScript SDKOTel / OTLPAutoGen 0.4+
API ReferenceWorkflowAgentCostCapAdvisorAgentCostRegressionGate
Docs/Getting started/Skills vs Tools

Skills vs Tools

A fundamental concept in enterprise AI agent engineering is differentiating between Skills and Tools. While both extend the capabilities of an agent, they do so in completely different ways with different security implications.

What is a Tool?

A Tool is an external interface. It breaks the agent out of the LLM sandbox to execute code, query a database, or call an external API (like fetching a stock price or sending an email).

Security Risk
Tools carry significant security risks (e.g. Prompt Injection leading to SQL injection). They require strict sandboxing, robust schema validation, and execution timeout limits.

What is a Skill?

A Skill is an internal cognitive configuration. It is injected into the prompt or routing layer to teach the agent how to think about a specific domain (e.g. "Regulatory Compliance Rules" or "COBOL Translation Logic").

Zero Security Risk
Skills do not execute external code. They only alter the agent's reasoning pattern and are therefore perfectly safe to inject dynamically.

Summary

Use Skills to teach the agent domain knowledge. Use Tools to give the agent hands to interact with the outside world.

Previous
Harness architecture
Next
Sandbox mode
On this pageWhat is a Tool?What is a Skill?Summary