The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads and installs the Homebrew package manager using the official installation script from https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh. It also installs the valet-cli from the author's official tap via brew install valetdotdev/tap/valet-cli.- [REMOTE_CODE_EXECUTION]: The skill executes the Homebrew installer script directly via a shell command substitution: bash -c "$(curl ...)". This is the standard method for installing this well-known service.- [COMMAND_EXECUTION]: The skill makes extensive use of the valet CLI and other tools such as brew and npx to manage agent projects, authentication, and deployment.- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads session logs from ~/.claude/projects/ to facilitate its 'learning' functionality, which captures user workflows to generate new agents. The skill explicitly instructs the agent to never ask for secret values within the LLM session, directing users to local terminal commands instead.- [INDIRECT_PROMPT_INJECTION]: The skill has a defined surface for processing untrusted data which could contain malicious instructions.
Ingestion points: It reads session logs (.jsonl files), fetches content from external URLs (GitHub, npmjs, skills.sh), and processes incoming webhook payloads.
Boundary markers: For webhooks, it uses specific instructions to delimit the payload (e.g., 'The JSON webhook payload is appended directly after these instructions').
Capability inventory: The skill has access to the bash tool for command execution and file system write operations.
Sanitization: The skill includes logic to replace specific identifiers with placeholders when generating agent files from session data.

valet