The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes shell commands to inspect the local Android project structure, such as finding Gradle files and manifests. It also invokes the stream CLI to fetch API keys and generate user tokens. These operations are essential for the skill's purpose and are conducted using a restricted set of allowed tools.\n- [EXTERNAL_DOWNLOADS]: The skill provides a command to install the Stream CLI from getstream.io. As this is the official domain of the skill's author and service provider, the download is considered a legitimate part of the developer workflow and is safe.\n- [REMOTE_CODE_EXECUTION]: The CLI installation process involves executing a remote script from the vendor's official domain. This pattern is transparently documented and is consistent with the standard installation methods for the vendor's tooling.\n- [DATA_EXFILTRATION]: While the skill manages API keys and tokens, it provides clear security guidance, explicitly warning against hardcoding secrets in source code and advising the use of the CLI or secure environment variables. No malicious exfiltration patterns were identified.

stream-android