# Skills

> Domain-specific knowledge guides that turn agents into specialists

Neo's agents are generalists by default, but security work demands domain-specific expertise. Writing a Nuclei template, triaging a HackerOne report, running a red team engagement, and setting up a VPN tunnel each require detailed procedural knowledge that goes beyond what the model knows from training. **Skills** are how Neo bridges this gap.

A skill is a structured knowledge guide written as a **SKILL.md file** that follows an open standard. Each skill contains detailed instructions, methodology, tool usage patterns, and reference material for a specific domain. When an agent encounters a task that matches a skill's domain, it activates the skill and loads the full instructions into its context. The agent then follows the skill's guidance alongside its own reasoning, combining domain-specific best practices with real-time decision making.

Skills are **loaded on demand**, not injected all at once. Every agent sees a list of available skills with their names and descriptions, but the full instructions are only loaded when the agent activates a skill. A maximum of three skills can be active simultaneously to manage the token budget. When the agent moves to a different phase of work, it can deactivate a skill it no longer needs and activate a new one. This keeps the agent's context focused on what is relevant right now.

Neo ships with **25 built-in skills** covering the major domains of security work.

The **redteam** skill provides a complete operating framework for adversary simulation: scoping, attack path mapping, credential workflows, privilege escalation, lateral movement, OPSEC, cleanup procedures, and evidence-backed reporting. The **variant-analysis** skill teaches the agent how to find similar vulnerabilities across a codebase after discovering an initial issue, using pattern-based analysis with Semgrep and ripgrep.

The **nuclei-templates** skill guides the agent through creating custom Nuclei vulnerability detection templates from scratch. The **sqlmap-guide** covers SQLMap usage for SQL injection testing. The **semgrep** skill covers writing and running custom Semgrep rules for static analysis. The **libfuzzer** skill provides fuzzing methodology.

The **android-security-guide** is an 850-line reference covering IPC attacks, data security, WebView exploitation, cryptographic issues, deeplink abuse, ADB commands, Frida hooks, and static analysis patterns. The **ios-security-guide** covers IPA analysis, binary inspection, keychain access, transport security, URL schemes, and secrets scanning. The **mobile-advanced-techniques** skill goes deeper into Frida workflows, anti-Frida bypass, native library analysis, whitebox cryptography, and traffic interception.

The **pd-cloud** skill covers the full ProjectDiscovery Cloud Platform API: asset discovery, vulnerability scanning, leaked credential monitoring, and template management. The **h1-api**, **h1-setup**, and **h1-triage** skills handle HackerOne workflows for fetching reports, validating findings, and posting a Triage Summary. The **vpn-guide** covers connecting to private networks using WireGuard, OpenVPN, Tailscale, Twingate, and other VPN clients pre-installed in the sandbox.

The **security-findings** skill provides standardized vulnerability report templates with CVSS scoring, proof-of-concept formatting, and remediation guidance. The **exploitability-verification** skill covers the methodology for confirming whether a finding is actually exploitable. The **runtime-validation** skill handles validating findings against live targets. The **differential-review** and **task-diff-analyse** skills support change-based analysis for PR reviews and scheduled task comparisons.

Skills for **docx** and **pdf** output are also included, so the agent can produce polished deliverables in standard formats.

Each skill is more than just a text file. A skill can include **reference materials** in a references subdirectory, like finding templates, API documentation, or configuration examples. When a skill is activated, the agent knows the sandbox filesystem path to these files and can read them directly during execution. Some skills include over a dozen reference files.

Beyond the built-in set, you can **install your own skills** into the workspace. Skills follow an open standard compatible with multiple agent platforms, and Neo automatically discovers them from well-known directories in the sandbox. If your team has internal methodologies, custom testing procedures, or proprietary tool configurations, you can encode them as SKILL.md files and the agent picks them up at runtime without any configuration changes. Install them with `npx skills add` or place them directly in the workspace skill directories.
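An inventory check to run over a skill directory before and after adding custom skills, as an added example that is not part of Neo or the ProjectDiscovery documentation: it finds each SKILL.md, flags a missing name or description, and records a SHA-256 over the skill's files (references included) so later changes show up. The `---` front-matter layout, the directory passed as `root`, and the sample skill names are assumptions, not taken from this page.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_front_matter(text):
    # Assumed layout: a leading '---' block of "key: value" lines.
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}
    meta = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return meta
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip()
    return {}  # block never closed: treat metadata as missing

def skill_digest(skill_dir):
    # SHA-256 over each file's relative path and bytes, length-prefixed.
    h = hashlib.sha256()
    for path in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        for part in (path.relative_to(skill_dir).as_posix().encode(), path.read_bytes()):
            h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()

def inventory(root):  # root is a placeholder for a workspace skill directory
    report = []
    for skill_md in sorted(Path(root).rglob("SKILL.md")):
        meta = parse_front_matter(skill_md.read_text(encoding="utf-8"))
        report.append({
            "dir": skill_md.parent.name,
            "sha256": skill_digest(skill_md.parent),
            "problems": [f"missing {k}" for k in ("name", "description") if not meta.get(k)],
        })
    return report

def build_sample(root):  # constructed sample: one labelled skill, one without metadata
    good = Path(root) / "internal-api-testing"
    (good / "references").mkdir(parents=True)
    (good / "SKILL.md").write_text("---\nname: internal-api-testing\ndescription: Team API test steps\n---\n# Steps\n")
    (good / "references" / "report-template.md").write_text("# Finding\n")
    (Path(root) / "unlabelled").mkdir()
    (Path(root) / "unlabelled" / "SKILL.md").write_text("# No front matter\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```

Storing the digests from a reviewed state and comparing them on later runs shows which skill directories changed since review.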

Agents can also **search across skill content** without activating them. If the agent needs to quickly check whether any skill covers a specific topic, it can search by keyword and get relevant snippets before deciding whether to fully activate the skill.

The practical effect is that Neo does not just have access to tools. It has access to the knowledge of how to use those tools well. A Nuclei template written by an agent with the nuclei-templates skill active follows ProjectDiscovery's conventions and best practices. A red team engagement run with the redteam skill follows established methodology rather than ad-hoc improvisation. Skills turn the agent from a capable generalist into a domain-aware specialist for whatever type of security work you need.
