skills/steipete/agent-scripts/vm-lab/Gen Agent Trust Hub

vm-lab

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE

COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the prlctl command-line utility to manage and interact with Parallels Virtual Machines. This includes listing VMs (prlctl list), executing commands in the guest (prlctl exec), capturing screenshots (prlctl capture), and sending keyboard events via a JSON payload.
  • [COMMAND_EXECUTION]: The helper script scripts/parallels_type.py uses the Python subprocess module to programmatically send key events to the VM. It uses the list-based invocation method (e.g., subprocess.run(['prlctl', ...])), which avoids shell injection vulnerabilities on the host system.
  • [DATA_EXPOSURE]: The skill captures screenshots of the guest VM and saves them to the host's /tmp directory for verification purposes. The instructions explicitly warn against printing secrets and suggest using tmux for sensitive operations inside the VM.
  • [SAFE]: Instructions for using sudo are specifically targeted at the guest environment (e.g., sudo -u steipete) to manage user context within the VM lab. This does not represent a privilege escalation risk to the host machine.
  • [SAFE]: The skill's primary purpose is GUI automation and testing in a lab environment. The tools and techniques described (e.g., sips for image metadata, Ghostty for terminal access) are standard developer tools consistent with the stated intent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 06:37 AM