A skill manifest describes a capability the way an OpenAPI spec describes an endpoint: JSON Schema for input and output, permissions, risk class, execution requirements, and publisher metadata. Manifests live on IPFS; the registry stores the authoritative anchor.
Because the interface is typed, a runtime can validate calls before paying for them. Because the manifest is content-addressed, two runtimes can disagree on a great deal and still agree on exactly which skill the persona is composing with.
This is what makes agents portable. The persona is identity; the skills are capability. Both are referenced, not embedded. A new runtime doesn't reimplement skills — it resolves their manifests and executes against the same contract.
The interesting design pressure comes from risk class. A skill that reads public data is not a skill that signs a transaction. Manifests carry that distinction explicitly so runtimes can refuse, prompt, or escalate without inventing their own taxonomy.