Skill Mining: Extracting What Your Codebase Already Knows Vercel's Head of Forward Deployed Engineering introduces skill mining, a method to extract latent knowledge from codebases into reusable agent skills. The approach uses a seven-phase process to survey, score, and package unwritten rules and conventions into the open Agent Skills Specification format, enabling AI agents to operate with the context of experienced developers. As the Head of Forward Deployed Engineering at Vercel https://vercel.com , I drop into customer codebases for a living. Startups, enterprises, teams of two and teams of two hundred. The repository is always unfamiliar, the deadline is always real, and I am always the person who cloned it this morning. So is the agent. Port 5441, not 5432. .env.test , not .env.local . A filter flag you write from memory in three seconds, if you have been in this repo before. Neither of us has. That gap costs real time, and it compounds across every engagement. Repos accumulate that kind of knowledge. The unwritten rule that money is always stored in cents, never floats. The folder a new feature is supposed to go in, enforced only when a reviewer catches you putting it somewhere else. The four-step dance to run a schema migration safely, which you get wrong exactly once and never forget again. None of that is in a file you can point to. It lives in commit history, in scattered validators, in review comments, in the heads of whoever has been here longest. It is the difference between someone who has worked in your repo for two years and someone who cloned it this morning. Every agent starts as the person who cloned it this morning. Brilliant and completely without context, every single time. Skill mining is how you fix that. Mining, because the value is already in the ground mining-because-the-value-is-already-in-the-ground I picked the word deliberately. You are not inventing skills. You are extracting something that is already there. A codebase is a sedimentary record of how a team builds software. Every commit is a decision. Every cluster of bug-fix commits around the same file is a sign that says this part is hard, and here is how we eventually got it right. Every convention the team follows is a pattern that an agent currently has to re-discover by reading three other files and guessing. That latent know-how has real value, and right now it is locked in a form only humans and only some humans can read fluently. Skill mining is the dig: you survey the terrain, find the rich seams, score them by leverage, and pull the valuable ones up into a form your agents can use directly. The form already exists. The open Agent Skills Specification https://agentskills.io/?ref=voodootikigod.com standardized on a simple format: a folder with a SKILL.md file, a name, a trigger-rich description, and a body of instructions. Drop one into the right directory and any compliant harness loads it on demand when the description matches what you are doing. Claude Code, Codex, Antigravity, Cursor, Zed. The package manager npx skills and the registry at skills.sh https://skills.sh/?ref=voodootikigod.com handle distribution. The plumbing is solved. What has been missing is a disciplined way to figure out which skills are worth having for a given codebase. That is the gap skill mining fills. The prompt that started it the-prompt-that-started-it This practice started, like a lot of good practices do, as a long prompt I kept reusing. Something like: do a thorough review of this project's codebase with the goal of building up a set of high-value agent skills, find existing ones to reuse where possible, create new skills only where something is bespoke or unique to this app, then define agents that leverage them to drive implementation, fixing, and improvements as a team. It worked. But a one-off prompt is itself un-mined knowledge. So I turned it into a proper, repeatable skill with a defined loop, a scoring rubric, and templates. That skill is open source under MIT, installs cross-harness, and you can run it on your own repos today. The rest of this post is what is inside it. The survey comes first, the scalpel comes later the-survey-comes-first-the-scalpel-comes-later Skill mining runs as seven phases. The first half is broad and parallel. You are surveying and judging. The second half is surgical and sequential. You are writing artifacts you will have to maintain, so restraint matters more than coverage. Survey, Detect, Score, Dedupe, Author, Compose, Verify. With two adversarial gates wired in between. Survey: map the territory before judging it survey-map-the-territory-before-judging-it Before deciding anything, the agent builds a factual map. Languages, frameworks, package layout, the actual build/test/lint/deploy commands, and the hotspots. git log churn tells you which files change most often, and high churn means high leverage. A skill that speeds up work on the hottest files in the repo pays back faster than one for a corner nobody touches. It also reads the pain markers: clusters of TODO / FIXME / HACK , files with the most bug-fix commits, recurring reverts, flaky-test annotations. Pain is signal. Pain that recurs is a skill waiting to be written. If your harness can run subagents in parallel Claude's workflow engine, Codex's parallel tasks , this is where you fan out: one explorer per subsystem, then converge. If it cannot, you iterate. The method is identical; only the wall-clock differs. Detect: surface candidates everywhere they hide detect-surface-candidates-everywhere-they-hide Here is where most people get it wrong: they think skills means code patterns. The highest-leverage skills almost always live in the operational and tribal layers instead. The stuff nobody wrote down because everybody just knows it. The mining loop sweeps a deliberate taxonomy: build/test/run incantations the cheapest, highest-hit-rate skills in existence; every agent re-derives "how do I run this" on every task , domain rules and invariants allowed state transitions, tenancy isolation, money handling, PII boundaries, enforced today only by scattered validators and reviewer memory , architectural conventions, review checklists whatever your reviewers reliably catch is a skill , debugging playbooks, and migration and deploy recipes. Multi-step, error-prone, infrequent. Exactly the things people get wrong. For each candidate, the agent captures the evidence: the files, line ranges, and commit history that prove the pattern actually recurs. That evidence is what makes the authored skill specific instead of generic, which turns out to be the whole game. Score: rank by leverage, not enthusiasm score-rank-by-leverage-not-enthusiasm It is very easy to get excited and mine forty skills. Forty skills is noise. The loop forces discipline with a five-axis rubric. Frequency and leverage are a pair: high frequency with low leverage is noise, low frequency with high leverage is a trap. Bespokeness is the tiebreaker. A pattern that recurs constantly but already has a maintained community skill is a REUSE, not a BUILD. Stability matters because a skill that churns out of date in six weeks is worse than no skill. And verifiability is the gate on everything: if an agent cannot check whether it followed the skill, the skill can never get better. The scores do not just rank the backlog. Their shape drives the next decision, which is the one that matters most. Dedupe: reuse before you build dedupe-reuse-before-you-build This is the heart of skill mining, and the part that separates it from "the agent wrote me a pile of markdown." For every candidate that survives scoring, the agent checks the existing ecosystem before authoring anything. It does that with a skill built exactly for the job: find-skills . Point it at a candidate and it searches your installed skills, runs npx skills find