truefoundry-mcp-servers

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust credential handling policy that prohibits the use of raw tokens or secrets. It requires all sensitive data to be referenced using the tfy-secret:// URI scheme, which prevents credential exposure in deployment manifests and logs.
  • [SAFE]: Security gates are explicitly defined for the registration of remote MCP servers and OpenAPI specifications. The instructions require the agent to confirm the source domain and intended usage with the user before performing tool generation or network registration, mitigating the risk of indirect prompt injection.
  • [SAFE]: The tfy-api.sh script is a transparent utility for interacting with the TrueFoundry REST API. It uses secure practices such as validating HTTP methods and paths to prevent traversal attacks, and it parses environment variables from local .env files using a safe line-by-line method rather than executing the file.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 11:53 PM