Stop Wasting 86% of Your AI Tokens on Broken Rules
Stop Wasting 86% of Your AI Tokens on Broken Rules
Your AI agent just wrote garbage code. Again.
You pasted the same .cursorrules file you've been tweaking for months. You typed "use OnPush change detection" for the hundredth time. You watched your context window balloon to 4,000 tokens while your AI still forgot to wrap errors with context. The frustration is maddening — and expensive.
Here's the brutal truth nobody talks about: traditional prompt engineering is fundamentally broken at scale. Every rule you cram into your AI's context window is a token burned. Every forgotten standard is a code review nightmare waiting to happen. Every team member's slightly different .cursorrules file is a silent consistency killer.
But what if your AI could load only the rules it needs, exactly when it needs them — in under 500 tokens instead of 3,600?
Enter Agent Skills Standard, the high-density instruction framework that's making senior engineers quietly abandon their bloated system prompts. One command. 242 battle-tested skills. Every major AI agent. And yes — 85% fewer tokens than whatever you're doing right now.
What Is Agent Skills Standard?
Agent Skills Standard is an open-source, modular instruction framework created by Hoang Nguyen that transforms scattered coding conventions into version-controlled, on-demand skills any AI agent can consume. Think of it as npm for your team's engineering brain — install once, sync everywhere, update centrally.
The project exploded in relevance because it solves a problem every AI-assisted team hits within weeks: prompt entropy. You start with a clean .cursorrules file. Three sprints later, it's a 400-line monster that half-works in Cursor, breaks in Claude Code, and gets completely ignored by GitHub Copilot. Your tokens disappear. Your standards drift. Your sanity evaporates.
Agent Skills Standard replaces this chaos with a hierarchical, file-triggered loading system inspired by Rust Token Killer (RTK). Skills live as compact Markdown files (averaging ~500 tokens each), organized by framework and concern. When your AI edits a .ts file, it loads TypeScript skills. When you mention "validate" in a prompt, security skills activate. Nothing else loads. Nothing wastes context.
The framework currently ships 242 skills across 20+ technology stacks — from Flutter BLoC patterns to NestJS API standards, from SwiftUI architecture to PostgreSQL query optimization. Each skill is audited for token efficiency, injection-sanitized, and validated with automated evals. The entire ecosystem is MIT-licensed and actively maintained with published benchmark reports.
What makes it genuinely different? Native multi-agent support without plugins. The CLI automatically generates each agent's preferred format — Cursor's AGENTS.md, Claude's .clauderules, Copilot's configurations, Gemini's settings, plus Windsurf, Trae, Kiro, Roo, and Antigravity. No extensions. No vendor lock-in. One source of truth.
Key Features That Crush Traditional Prompt Engineering
Hierarchical On-Demand Loading — The killer feature. Instead of dumping 3,600+ tokens of architect prompts into every chat, Agent Skills Standard uses a three-tier resolution system:
- AGENTS.md (~20 lines): A compact router that maps file patterns to category indexes
- _INDEX.md (per-category): Trigger tables matching file paths and keywords to specific skills
- SKILL.md (~500 tokens): The actual engineering rules, loaded only when relevant
Result? Your AI scans approximately 25 lines per edit instead of hundreds. Context stays clean. Responses stay sharp.
Token Economics Verified by Benchmarks — This isn't marketing fluff. Published benchmark reports show consistent 85-88% token savings across versions. The v2.3.0 release achieves 540 average tokens per skill versus the 3,600+ token industry standard. That's real money if you're paying for API access, and real performance if you're hitting context limits.
Zero-Trust Security Architecture — Every skill description is sanitized against prompt injection patterns at index-generation time. The AGENTS.md enforces mandatory audit declarations: your AI must report which skills it loaded before writing code. No silent rule-skipping. No "ignore previous instructions" attacks slipping through.
MCP Runtime Enforcement — The CLI distributes skills to disk; the companion MCP server serves them at runtime as explicit tool calls. This closes the critical gap where agents read AGENTS.md but forget to load matched SKILL.md files — especially devastating in sub-agents that don't inherit parent context.
Specialist Sub-Agent Support — Delegate to focused personas like @specialist-tdd-implementer or @specialist-jira-analyst. These maintain context hygiene by keeping granular implementation noise out of your main chat. Specialists sync automatically to native agent folders during standard operations.
Granular Consent Model — Choose your MCP scope: project (recommended, touches no $HOME files), user (with explicit per-write confirmation), snippets-only, or disabled. The CLI never reads or modifies home-directory configs without your explicit choice and confirmation.
Use Cases Where Agent Skills Standard Dominates
1. Multi-Agent Team Standardization
Your frontend dev uses Cursor. Your backend lead prefers Claude Code. Your contractor drops in with GitHub Copilot. Without Agent Skills Standard, you have three divergent rule sets and code review hell. With it? One .skillsrc file, one ags sync, identical standards across every tool. The CLI generates each agent's native format automatically.
2. Large-Scale NestJS API Development
Picture building a POST /orders endpoint. Traditional approach: you manually remind the AI about DTO validation, controller thinness, service layer separation, HTTP status codes, error envelopes, and security sanitization. With Agent Skills Standard, editing orders.controller.ts automatically triggers 11 matched skills — TypeScript language rules, NestJS API standards, controller-service patterns, transport conventions, plus composite common skills for best practices, API design, security, and performance engineering.
3. Flutter Team with Mixed State Management
Your team uses BLoC for new features but maintains legacy Riverpod code. Your .cursorrules can't handle both without becoming unreadable. Agent Skills Standard lets you exclude getx-navigation skills entirely, pin bloc-state with custom overrides, and load only Riverpod skills when editing legacy files. The AI never confuses patterns.
4. Security-Critical Code Reviews
When your prompt mentions "validate," "sanitize," or "auth," the hierarchical index automatically loads typescript-security or nestjs-security skills. Combined with MCP runtime enforcement, your AI can't accidentally skip security standards — even in sub-agents handling delegated tasks. The audit_session_compliance tool provides provable logs of which skills informed every code generation.
5. Rapid Technology Migration
Adding Go microservices to your TypeScript monolith? Just add golang: ref: golang-v1.3.4 to .skillsrc. Your AI instantly knows clean architecture patterns, concurrency conventions, and Go-specific best practices when editing .go files — without polluting TypeScript contexts or requiring separate tool configurations.
Step-by-Step Installation & Setup Guide
Prerequisites
- Node.js 18+ with npx support
- One or more supported AI agents (Cursor, Claude Code, GitHub Copilot, Gemini CLI, Windsurf, Trae, Kiro, Roo, or Antigravity)
- Git for version-controlling your
.skillsrcconfiguration
Step 1: Initialize Your Project
# Detects your tech stack and creates .skillsrc config
npx agent-skills-standard@latest init
This command analyzes your repository structure, identifies frameworks, and generates a starter .skillsrc file. It also prompts for MCP scope — select project for zero home-directory modifications.
Step 2: Configure Your Skills
Edit .skillsrc to match your stack and preferences:
registry: https://github.com/HoangNguyen0403/agent-skills-standard
agents: [cursor, copilot, claude, gemini]
skills:
nestjs:
ref: nestjs-v1.4.4
# Exclude patterns your team doesn't use
exclude: ['nestjs-real-time', 'nestjs-transport']
typescript:
ref: typescript-v1.3.3
common:
ref: common-v2.1.0
golang:
ref: golang-v1.3.4
# Add your project-specific rules
custom_skills:
- path: './.skills/our-logging-standard.md'
triggers: ['*.ts', '*.go', 'logger']
The exclude field prevents irrelevant skills from loading. The custom_overrides array protects local modifications from being overwritten on sync. The custom_skills section indexes your own Markdown files into the hierarchical lookup.
Step 3: Sync to All Agents
# Downloads skills, generates AGENTS.md and _INDEX.md files
npx agent-skills-standard@latest sync
This fetches specified skill versions from the registry, writes them to agent-specific directories (.cursor/, .claude/, etc.), and generates the hierarchical index files. Run this after any .skillsrc change or when updating skill versions.
Step 4: Enable MCP Runtime Enforcement (Recommended)
# Check current MCP status
ags mcp status
# Enable with project scope (recommended)
ags mcp scope project
ags mcp enable
ags mcp install
For manual installation in runtimes without CLI support, add to your MCP config:
{
"mcpServers": {
"agent-skills-standard": {
"command": "npx",
"args": ["-y", "agent-skills-standard-mcp"]
}
}
}
Step 5: Verify Installation
# Confirm skills loaded correctly
ags mcp status
# Review generated index
cat AGENTS.md
Real Code Examples from the Repository
Example 1: Hierarchical Skill Resolution
This is the core mechanism that makes Agent Skills Standard radically more efficient than traditional prompts. The AGENTS.md router file is intentionally minimal — approximately 20 lines that delegate to category-specific indexes:
# AGENTS.md — Auto-generated by agent-skills-standard
# Do not edit manually; run `ags sync` to regenerate
## Skill Router
When editing files, consult the relevant _INDEX.md:
- `*.ts`, `*.tsx`, `tsconfig.json` → typescript/_INDEX.md
- `*.go` → golang/_INDEX.md
- `*.dart` → dart/_INDEX.md
- `src/**/*.controller.ts` → nestjs/_INDEX.md
- `lib/**/*.dart` → flutter/_INDEX.md
For keyword-triggered skills, see per-category _INDEX.md tables.
The genius here is deliberate indirection. Instead of listing all 242 skills, the router delegates. When your AI edits orders.controller.ts, it reads this router, matches the file pattern to nestjs/_INDEX.md, and only then discovers the specific NestJS skills. This ~20-line scan replaces hundreds of lines of traditional rules.
Example 2: Index File with Trigger Table
The _INDEX.md files contain structured trigger tables that map file patterns and keywords to specific skills. Here's how the TypeScript category index works:
# typescript/_INDEX.md — TypeScript Skill Triggers
## File Match Triggers
| Pattern | Skill | Priority |
|---------|-------|----------|
| `*.ts`, `*.tsx`, `tsconfig.json` | typescript-language | required |
| `**/test/**/*.ts` | typescript-testing | optional |
| `**/e2e/**/*.ts` | typescript-e2e-patterns | optional |
## Keyword Triggers
| Keywords | Skill | Priority |
|----------|-------|----------|
| validate, sanitize, auth, encrypt | typescript-security | required |
| generic, infer, conditional | typescript-advanced-types | optional |
| performance, optimize, memo | typescript-performance | optional |
File Match triggers are checked automatically based on the file being edited. Keyword triggers activate only when your prompt mentions relevant concepts. This dual mechanism means editing user.service.ts loads typescript-language automatically, but typescript-security only loads if you mention "validate" or "auth" in your request. Precision targeting eliminates noise.
Example 3: Actual Skill File (NestJS Controllers)
Here's a condensed version of how a SKILL.md file looks — compact, dense, and optimized for token efficiency:
# nestjs-controllers-services/SKILL.md
## Controller Rules
- Controllers stay thin: routing + delegation only
- No business logic in handlers
- Use `@HttpCode()` decorators explicitly
- Apply `ParseUUIDPipe`, `ParseIntPipe` for path params
## Service Rules
- Services contain all business logic
- Return domain objects, not raw entities
- Throw domain exceptions; let filters map to HTTP
## Dependency Rules
- Controllers depend on services (interfaces preferred)
- No service-to-controller dependencies
- Use constructor injection exclusively
At approximately 500 tokens, this skill delivers more actionable guidance than 2,000 tokens of generic "write good NestJS code" instructions. The constraints are specific, verifiable, and immediately applicable. The AI doesn't need to interpret — it follows.
Example 4: MCP Tool Call for Runtime Skill Loading
When MCP is enabled, your AI makes explicit tool calls to load skills before writing code. This is the critical enforcement layer:
// Tool call automatically made by AI agent
{
"name": "load_skills_for_files",
"arguments": {
"files": ["src/orders/orders.controller.ts"]
}
}
// MCP server response with matched skills
{
"skills": [
"typescript/typescript-language",
"nestjs/nestjs-api-standards",
"nestjs/nestjs-controllers-services",
"common/common-best-practices",
"common/common-api-design",
"common/common-security-standards"
],
"total_tokens": 2847,
"load_method": "hierarchical_mcp"
}
The audit_session_compliance tool then verifies what informed the code generation:
{
"name": "audit_session_compliance",
"arguments": {}
}
// Response provides provable audit trail
{
"session_id": "uuid-here",
"skills_loaded": 6,
"skill_list": [
"typescript/typescript-language",
"nestjs/nestjs-api-standards",
"nestjs/nestjs-controllers-services",
"common/common-best-practices",
"common/common-api-design",
"common/common-security-standards"
],
"compliance_status": "verified"
}
This audit capability is unique to Agent Skills Standard. No other prompt management system provides provable, programmatic verification that specific standards informed specific code generations. For regulated industries or teams with strict review requirements, this transforms AI-assisted development from "trust the black box" to "verify the audit trail."
Advanced Usage & Best Practices
Version-Pin Critical Skills — Use exact refs in .skillsrc for skills affecting security or architecture: nestjs-v1.4.4 not latest. This prevents unexpected behavior changes on sync. Create a team policy: architecture skills pinned, utility skills floating.
Composite Skill Chains — The MCP automatically loads composite skills. When nestjs-api-standards loads, it triggers common-api-design and common-security-standards. Design your custom skills with composite metadata to inherit base patterns without duplication.
Sub-Agent Specialization — For complex features, delegate to specialist personas. The @specialist-tdd-implementer maintains strict Red-Green-Refactor discipline without polluting your main context. Specialists inherit the same skill system through unified sync.
Custom Skill Development — Follow the 100-line maximum. Use the evals.json format for automated validation. Test with ags verify before deploying to team. Submit high-quality skills to the public registry via GitHub issue → fork → PR flow.
Token Budget Management — Monitor with ags benchmark. If a skill consistently exceeds 600 tokens, refactor or split. The project's published benchmarks prove skills degrade in effectiveness above ~550 tokens.
Comparison with Alternatives
| Capability | .cursorrules |
System Prompts | Agent Skills Standard |
|---|---|---|---|
| Token Efficiency | ❌ 3,600+ tokens | ❌ 3,600+ tokens | ✅ ~500 tokens/skill |
| Multi-Agent Support | ❌ Cursor only | ❌ Per-tool setup | ✅ 9+ agents native |
| Version Control | ❌ Manual copy | ❌ Scattered | ✅ Central .skillsrc |
| On-Demand Loading | ❌ All rules always | ❌ All rules always | ✅ Hierarchical, triggered |
| Runtime Enforcement | ❌ None | ❌ None | ✅ MCP tool calls |
| Audit Trail | ❌ None | ❌ None | ✅ audit_session_compliance |
| Sub-Agent Support | ❌ Worse than parent | ❌ Worse than parent | ✅ Identical via MCP |
| Custom Rules | ✅ Basic | ✅ Basic | ✅ Indexed, versioned, composite |
| Team Scalability | ❌ Divergent files | ❌ Divergent files | ✅ Single source of truth |
| Security Sanitization | ❌ None | ❌ None | ✅ Injection scanning + evals |
The verdict is stark: traditional approaches work for solo developers with one tool and simple needs. For teams, multiple agents, or serious engineering standards, Agent Skills Standard is the only architecture that scales without token bankruptcy.
FAQ
Does this work with my AI agent?
Yes — Cursor, Claude Code, GitHub Copilot, Gemini CLI, Windsurf, Trae, Kiro, Roo, and Antigravity are all supported. The CLI generates each agent's native format. No plugins or extensions required.
How is this different from my .cursorrules file?
.cursorrules is static and monolithic — one big file the AI reads every time, wasting context. Agent Skills Standard uses hierarchical on-demand loading: only relevant skills activate per edit. This saves ~86% of tokens and scales to hundreds of skills without performance degradation.
Will syncing overwrite my custom rules?
No. Use custom_overrides in .skillsrc to protect locally modified files. The CLI skips them during sync. You can also add entirely custom skills via the custom_skills section.
How do I add my own team-specific standards?
Create a SKILL.md in your agent's skills directory, or use the custom_skills path in .skillsrc with trigger patterns. On next sync, it's indexed into AGENTS.md and _INDEX.md automatically.
What about token costs with API-based agents?
Each skill averages ~500 tokens versus ~3,600 for typical architect prompts. Hierarchical index scanning adds only ~25 lines overhead per edit. Teams consistently report 85-88% reduction in prompt-related token consumption.
Is the MCP server safe to run?
Skills are pure Markdown — no executable code, no filesystem access, no network requests. The CLI downloads only text from the public registry with zero telemetry. The MCP server serves skills as explicit tool calls within the AI's sandbox.
How do I verify skills actually loaded?
Call audit_session_compliance after code generation. It returns a provable list of which skills informed the session — essential for compliance and debugging.
Conclusion
The era of bloated system prompts and forgotten .cursorrules files is ending. Agent Skills Standard represents a fundamental architectural shift — from pushing rules into AI context to pulling skills on demand. The results speak through published benchmarks: 85% token reduction, 242 verified skills, provable audit trails, and native multi-agent support that actually works.
I've watched teams burn thousands in API tokens and countless hours in code review, all because their AI couldn't remember whether to use unknown or any. The hierarchical loading system isn't clever optimization — it's the only sane approach at scale. The MCP runtime enforcement closes the sub-agent gap that makes every other prompt management system unreliable for serious work.
If you're still maintaining separate rule files per tool, still watching your context window disappear, still finding business logic in controllers during review — stop. One command changes everything.
Get started now: github.com/HoangNguyen0403/agent-skills-standard. Run npx agent-skills-standard@latest init and watch your AI finally write code like your best engineer.
Last updated: Reflects v2.3.0 release with 246 skills, 540 average tokens, and 85% benchmarked savings.
Comments (0)
No comments yet. Be the first to share your thoughts!
