Look at the install instructions for almost any popular AI agent skill released in the last few months and you'll see the same pattern repeat across tools that otherwise have nothing to do with each other. Claude Code has a plugin marketplace. So does Codex. So does GitHub Copilot CLI, OpenCode, Gemini CLI (soon to be renamed Antigravity), Devin CLI, Hermes Agent, and a community-run one called ClawHub for OpenClaw. A single skill, like the widely used Ponytail plugin, now ships install commands for all of them side by side in its README, because maintaining one plugin without meeting developers wherever they already work simply isn't viable anymore.
This looks a lot like a familiar cycle
Browser extensions went through this. VS Code went through this. npm went through this. A platform gets popular enough that third-party additions become the main way people extend it, and eventually the platform formalizes that into a marketplace with versioning, discovery, and an install command instead of "copy this file into a folder." AI coding agents are now far enough along that pattern to be doing the same thing, just compressed into a matter of months instead of years.
Why it's happening now, specifically
Two things converged. First, agent harnesses matured enough to have a stable plugin API worth building against — earlier tools changed too fast for third-party plugins to survive an update cycle. Second, a wave of genuinely useful, free community skills (token-saving rules, review checklists, SEO workflows, and so on) proved there was real demand for "install once, apply every session" behavior rather than copy-pasting prompt snippets into a chat window every time.
The part teams should actually pay attention to
A plugin marketplace for a coding agent is not the same risk profile as a browser extension store, because these plugins often get injected into every prompt the agent sees and, in some cases, run lifecycle hooks with real permissions. Treat installing one the way you'd treat adding a new dependency to a production repo, not the way you'd treat installing a Chrome extension for yourself. That means:
- Someone on the team actually reads what a skill's ruleset does before it goes org-wide
- New plugins get reviewed the same way a new npm package would in your dependency policy
- You track which skills are installed per project, the same way you track dependencies
Most of the widely used skills right now do get scanned for known issues before they gain real traction — dependency audits and prompt-injection checks, not just a star count — but "widely used" and "reviewed by your own team" are two different bars, and only one of them is your responsibility.
What this means if you're staffing for it
Evaluating and standardizing which agent plugins a dev team runs is quickly becoming its own small piece of engineering hygiene, sitting somewhere between DevOps and security review. It's exactly the kind of practical, current judgment we look for when placing engineers on AI-heavy projects — see our Agent Ops Engineer career guide for how that role has expanded to cover it.



