applications
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is focused on the legitimate management of cloud applications and provides clear, safe instructions for agent behavior.
- [COMMAND_EXECUTION]: The skill uses bash helper scripts (tfy-api.sh, tfy-version.sh) to perform API calls via curl and check environment status. These scripts are implemented with defensive measures, including method whitelisting and path traversal prevention.
- [DATA_EXFILTRATION]: The skill manages authentication via user-provided API keys in the environment or .env files. The API helper script correctly restricts communication to the user-configured TrueFoundry base URL.
- [EXTERNAL_DOWNLOADS]: The skill references container images and installation packages from trusted or well-known sources, including AWS ECR, GitHub Container Registry, NVIDIA, and the official TrueFoundry package registry.
- [PROMPT_INJECTION]: The skill provides explicit safety guardrails for the agent, such as a 'MANDATORY' rule for workspace confirmation and a strict policy against programmatic application deletion.
Audit Metadata