ai-gateway

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not exhibit any malicious patterns associated with the analyzed threat categories. Analysis of the instructions and scripts shows a clear focus on official TrueFoundry platform integration.
  • [COMMAND_EXECUTION]: The skill uses a custom Bash script tfy-api.sh to facilitate authenticated curl requests to the TrueFoundry REST API. The script includes security checks to validate the HTTP method and prevent path traversal attacks by ensuring the API path starts with a forward slash and contains no '..' sequences.
  • [EXTERNAL_DOWNLOADS]: The skill documentation lists various official container images (e.g., vLLM, TGI, NVIDIA NIM) from trusted registries like AWS ECR and GHCR. It also recommends installing the official truefoundry CLI and SDK via pip. These downloads are from well-known/trusted sources and are necessary for the skill's purpose.
  • [DATA_EXFILTRATION]: The skill handles sensitive API keys and access tokens (PAT/VAT). It provides comprehensive instructions on using environment variables and the vendor's internal secret management system (tfy-secret://) to avoid exposing credentials in manifests or code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 03:31 AM