
Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts (scripts/tfy-api.sh and scripts/tfy-version.sh) and the Bash tool to interact with the TrueFoundry API and perform system environment checks. The API helper script implements security controls, including HTTP method validation and path traversal prevention.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and resource guidelines from official vendor domains (truefoundry.com, truefoundry.cloud). It also references container images for model serving and development from trusted registries such as Amazon ECR, GitHub Container Registry (ghcr.io), and NVIDIA NGC.
  • [PROMPT_INJECTION]: The skill processes external documentation, which is an indirect prompt injection surface. The instructions include specific guidance for the agent to extract only technical data (such as version numbers) and to disregard any instructions or code found on third-party pages.
  • [CREDENTIALS_UNSAFE]: The skill manages a platform API key for authentication. It proactively warns users against passing the API key as a command-line argument during CLI login to prevent the sensitive token from being stored in the shell's command history.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:26 AM