skills/garrytan/gbrain/setup/Gen Agent Trust Hub

setup

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM

Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill configures persistence for background operations by creating launchd plists on macOS (/Library/LaunchAgents/com.gbrain.autopilot.plist) and systemd user services on Linux (/.config/systemd/user/gbrain-autopilot.service). It also injects start-up commands into shell bootstrap scripts in ephemeral or containerized environments.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the core tool directly from the author's GitHub repository ('bun add github:garrytan/gbrain'). While the repository belongs to the skill's author, this bypasses the standard vetting provided by public package registries.
  • [DATA_EXFILTRATION]: Performs broad filesystem discovery by scanning directories including /data, ~/git, and ~/Documents to count and size markdown content. It also facilitates migrating local files to cloud storage, which involves transmitting user data to a remote service.
  • [CREDENTIALS_UNSAFE]: Requests and handles sensitive credentials, including PostgreSQL connection strings with embedded passwords and Supabase service role keys, which grant administrative access to cloud databases and storage.
  • [PROMPT_INJECTION]: Modifies the agent's behavior by injecting a 'brain-first lookup protocol' into project configuration files like AGENTS.md, which explicitly redirects the agent's knowledge retrieval strategy. Additionally, the ingestion of untrusted local files into the search index creates an indirect injection surface.
      • Ingestion points: Automatic discovery and indexing of markdown files in Documents, git, and data directories.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the indexed content.
      • Capability inventory: Ability to install background services, modify agent instruction files, and execute remote code during installation.
      • Sanitization: No sanitization of the content from the indexed markdown files is described.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 09:13 AM