gitops

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the truefoundry Python package via pip and utilizes container images from trusted and well-known repositories, including Amazon ECR (TrueFoundry), JFrog (TrueFoundry), HuggingFace (ghcr.io), and NVIDIA NGC. These sources are considered safe under vendor and well-known service guidelines.
  • [COMMAND_EXECUTION]: The skill executes the tfy CLI and provided helper scripts (tfy-api.sh, tfy-version.sh) for resource deployment, manifest validation, and version checking. The tfy-api.sh script includes protections against path traversal and ensures that environment variable keys are strictly formatted.
  • [PROMPT_INJECTION]: As an indirect prompt injection surface, the skill processes user-provided YAML manifests within CI/CD pipelines. It mitigates risk by recommending tfy apply --dry-run for pull request validation and explicitly uses yaml.safe_load() in its provided GitHub Actions template to prevent unsafe deserialization of external content.
  • [CREDENTIALS_UNSAFE]: The skill manages the TFY_API_KEY by instructing users to configure it as a protected secret/variable within their CI/CD provider (GitHub, GitLab, or Bitbucket), which is the standard best practice for credential management in automated pipelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:26 AM