workspaces

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill enables management of TrueFoundry infrastructure using a combination of the tfy CLI and a local helper script (scripts/tfy-api.sh) that wraps authenticated curl requests.
  • [DATA_EXPOSURE]: While the skill handles sensitive API keys, it follows security best practices by reading them from environment variables or .env files. The helper script implements a safe line-by-line parser for .env files to avoid the risks associated with the source command. Furthermore, the skill provides extensive documentation on using tfy-secret:// references to avoid hardcoding credentials in deployment manifests.
  • [PROMPT_INJECTION]: The skill proactively addresses indirect prompt injection risks in references/container-versions.md, explicitly instructing the agent not to fetch or parse content from external release pages and to favor pinned, vendor-verified container images.
  • [COMMAND_EXECUTION]: Execution is restricted to local scripts and the vendor's CLI tool (tfy). The helper script tfy-api.sh includes validation to prevent path traversal in API paths and restricts HTTP methods to a whitelist.
  • [EXTERNAL_DOWNLOADS]: The skill references the official truefoundry Python package and container images hosted on the vendor's infrastructure (AWS ECR and JFrog). These are documented neutrally as standard project dependencies.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:24 PM