truefoundry-access-control
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill is designed with defensive patterns and follows vendor-recommended security practices.
- [COMMAND_EXECUTION]: The skill utilizes a custom shell script (tfy-api.sh) to interface with the TrueFoundry REST API. This script includes rigorous validation of HTTP methods and API paths to prevent command injection and path traversal attacks.
- [EXTERNAL_DOWNLOADS]: Dependencies such as the truefoundry CLI and container images for model serving are sourced from official registries (PyPI, AWS ECR, and GitHub Container Registry). These are trusted vendor resources and well-known services that do not escalate the security risk.
- [CREDENTIALS_UNSAFE]: Authentication is managed safely through environment variables and .env files. The skill includes explicit warnings against hardcoding credentials and encourages the use of TrueFoundry's internal secret management system for sensitive data in manifests.
- [PROMPT_INJECTION]: The skill mitigates the risk of unintended agent actions by enforcing a 'Mandatory Workspace FQN Rule,' which requires the agent to obtain explicit user confirmation before selecting a target workspace, even if only one is available.
Audit Metadata