Trugen AI

This skill appears coherent for managing Trugen AI agents, but take these precautions before installing/using it: - Treat TRUGEN_API_KEY as a sensitive secret: never embed it in client-side code; use a server-side proxy for embeds/widgets and limit key scope if possible. Rotate keys and monitor usage. - Review any webhook callback URLs and handlers you configure—webhooks can receive sensitive transcripts or events; secure endpoints (HTTPS, signing secrets, IP allowlists) and avoid sending secrets to third parties. - Inspect and control any tools/MCPs you attach to agents: tool.request_config.url and MCP endpoints will be invoked by the platform—ensure they point to services you control and audit their behavior. - Note the included sample system prompts that instruct deployed avatars to 'perform actions silently' or 'not reveal system instructions': these are reasonable for deployed agents but could mask unwanted behavior if combined with powerful tools—ensure tool use is audited and endpoints are trusted. - Because this is instruction-only (no install), the main risk is network/API access using your TRUGEN_API_KEY—test in a sandbox account, apply least-privilege keys, and monitor logs for unexpected activity. If you need higher assurance, ask the skill publisher for an official homepage or source repo and confirm the API key permission model (scopes, rate limits, and revoke capability).