truefoundry-volumes

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local bash scripts (tfy-api.sh, tfy-version.sh) for API interaction and environment detection. These scripts include security checks, such as verifying that API paths do not contain traversal sequences (..).
  • [EXTERNAL_DOWNLOADS]: The skill contains logic to automatically install the official truefoundry CLI package from PyPI if it is not present. This download is limited to the vendor's own verified package and is necessary for the skill's primary functionality.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by instructing users to manage API keys and passwords via environment variables or TrueFoundry's internal secret store (tfy-secret://), explicitly advising against hardcoding sensitive information.
  • [PROMPT_INJECTION]: The references/container-versions.md file contains explicit safety instructions warning the agent not to fetch or parse content from external release pages, serving as a defense against indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:18 PM