truefoundry-tracing

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses local helper scripts (tfy-api.sh) to interact with TrueFoundry's official REST API endpoints for project and application management. These interactions are authenticated and scoped to the user's platform instance.
  • [SAFE]: It manages dependencies using standard package managers (pip install, npm install) to fetch well-known observability libraries from official registries (traceloop-sdk, @traceloop/node-server-sdk) and the vendor's own CLI tool.
  • [SAFE]: Credential management for TFY_API_KEY is handled via environment variables or .env files, which is a standard development practice. The skill explicitly instructs users to avoid hardcoding secrets and refers to a secrets skill for production-grade management.
  • [SAFE]: The documentation includes proactive security guidelines for the AI agent, specifically instructing it not to fetch, parse, or ingest content from external release pages to mitigate risks of indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:04 AM