Agentic insights for modern tech teams
skillscore is an open-source Dart CLI that statically analyzes SKILL.md files and scores them 0–100 across 7 weighted categories, with rules drawn from official Anthropic, OpenAI, Google, and Flutter authoring guides. It runs fully offline, is deterministic, and exits with CI-friendly status codes, supporting --min-score thresholds, JSON output, and SARIF 2.1.0 for pull request annotations. The tool addresses the hidden cost of vague agent skills permanently occupying context budget, providing actionable fix-it findings that cite specific guide sources.
For engineers building AI agents with Claude Code, Codex, or Cursor, this fills a critical gap in the development workflow—providing deterministic, enforceable linting for SKILL.md files that directly impacts agent performance and context efficiency.
A local coding agent on macOS can be built using llama.cpp with Metal acceleration, Gemma 4 26B-A4B in Q4 GGUF format, and a Q8 MTP draft model for speculative decoding, achieving 72.2 tokens/second on an M1 Max with 64 GB RAM—a 24% speedup over the base model alone. The setup uses Pi as the terminal agent and supports OpenAI-compatible APIs and multimodal input, outperforming MLX-based alternatives (45.8 tok/s) in this configuration.
Google's WebMCP standard proposal, now in Chrome 149 origin trials, lets sites expose typed JavaScript functions and HTML forms as tools for in-browser AI agents, replacing unreliable DOM scraping and screenshot-based automation with deterministic, machine-friendly API calls. Unlike the server-side Model Context Protocol (MCP), WebMCP operates entirely client-side and omits resources, providing a declarative API for annotating forms with toolname and tooldescription attributes. This enables agents to perform complex tasks like multi-city itinerary planning by calling backend APIs directly, reducing latency and token costs from image processing and layout shifts.
This article is the second in a three-part series from the Cilium project on hardening CI/CD pipelines, focusing on securing dependencies. It likely covers strategies like dependency pinning, vulnerability scanning, and supply chain integrity measures to prevent malicious code injection.
AWS has launched CDK Mixins, a new feature for the AWS Cloud Development Kit that enables developers to compose reusable capabilities—such as security policies, monitoring, and configuration—across L1, L2, and L3 constructs using a `.with()` syntax. Mixins decouple cross-cutting concerns from construct implementations, allowing teams to combine day-one access to new CloudFormation resources (via L1) with higher-level defaults and behaviors previously locked to L2 constructs. This complements CDK Aspects, which enforce broad validation rules, by applying features immediately to specific constructs, blurring the boundary between abstraction levels and reducing the need for custom wrappers.
Microsoft announced the public preview of Azure Container Apps Sandboxes, a new ARM resource type (Microsoft.App/SandboxGroups) that runs untrusted AI agent code in hardware-isolated microVMs, starting from OCI disk images in under a second and scaling to thousands of instances with no cost when idle. Each sandbox enforces network egress deny-by-default, supports Entra managed identities for credential-free authentication, and includes snapshot-based suspend/resume for stateful multi-step agent workflows. The Agent Governance Toolkit adds AST scanning and tool allowlists before code execution, with independent egress enforcement at the proxy layer, and is already used by GitHub Copilot Cloud Sandboxes, Foundry Hosted Agents, and Azure Container Apps Express.
The Agent Toolkit for AWS replaces community MCP servers with a managed, secure suite for AI coding agents. It enforces IAM condition keys like `aws:CalledViaAWSMCP` to restrict agent actions, provides sandboxed Python execution with boto3, and logs every API call to CloudTrail with distinct `invokedBy: aws-mcp.amazonaws.com` entries. Curated skills for serverless debugging and multi-profile support further differentiate it from ad-hoc setups.
Google launched an open-source Colab CLI that lets developers and AI agents provision GPUs/TPUs, execute Python scripts, and retrieve artifacts from remote Colab runtimes entirely via terminal commands. The tool includes a predefined skill file for agent integration, enabling automated workflows like QLoRA fine-tuning of Gemma 3 1B on a T4 GPU without manual cloud console interaction. Early community feedback highlights the need for robust authentication and quota management to avoid browser-based loops that break agent automation.
Google's Angular team released `angular/skills`, a repository of Agent Skills that teach AI coding tools to generate modern Angular v20 code using Signals, `@if`, and standalone components instead of outdated patterns like NgModules and `*ngIf`. The two initial skills—`angular-developer` and `angular-new-app`—load on demand via Anthropic's open Agent Skills format, enforce conventions through an autonomous build verification loop, and are designed for tools like Gemini CLI. Installation uses `npx skills add`, and the repository mirrors contributions from the main Angular repo, with drift tracking via a lock file for frequent release updates.
The Flutter and Dart teams released official Agent Skills repositories (flutter/skills and dart-lang/skills) to close the knowledge gap between LLM training data and current framework patterns. These plain-Markdown skill files provide task-specific, battle-tested workflows for adaptive layouts, routing, testing, and more, installable via a single npx command. Unlike generalist AI agents that default to deprecated 2022 patterns like MediaQuery.orientationOf, skills use progressive disclosure to deliver correct, senior-level Flutter code on demand.