truefoundry-deploy

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local codebase and deployment logs in order to automate tasks.
  • Ingestion points: Processes project files like docker-compose.yml and requirements.txt for architecture detection and resource estimation, and fetches runtime logs for debugging purposes.
  • Boundary markers: Lacks consistent use of delimiters or "ignore embedded instructions" warnings when processing external data from project files or logs.
  • Capability inventory: Possesses permissions to execute tfy, docker, and curl commands, which could be abused if the agent is manipulated by injected instructions.
  • Sanitization: No explicit validation or escaping of ingested file content or log data is implemented before the agent processes it.
  • [DATA_EXFILTRATION]: Accesses sensitive credentials from local configuration files for its primary deployment functions.
  • The tfy-api.sh utility script parses the entire .env file and exports all detected key-value pairs into the shell environment without filtering for specific prefixes, which could expose unrelated secrets to subsequent processes or logs.
  • [COMMAND_EXECUTION]: Reliant on shell command execution for core functionality.
  • Interacts with the system using tfy, docker, pip, and curl commands.
  • Includes an authenticated API wrapper (tfy-api.sh) that implements basic validation to prevent path traversal, though the overall reliance on shell interaction remains a potential vector for command injection if inputs are not properly handled.
  • [EXTERNAL_DOWNLOADS]: Fetches dependencies and container images from external sources.
  • Installs the TrueFoundry CLI from the official Python package registry (PyPI).
  • Pulls container images from trusted registries (AWS ECR, GHCR) for various deployment types like notebooks and SSH servers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 10:22 PM