ml-repos
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages authentication securely using environment variables (`TFY_API_KEY`, `TFY_BASE_URL`) or local `.env` files. The `tfy-api.sh` helper script uses a safe line-by-line parser for configuration files to avoid the vulnerabilities associated with shell sourcing.
- [SAFE]: Network communications are directed to the user's platform URL or vendor-owned domains. The API helper script includes validation logic to ensure that HTTP methods are restricted to a whitelist and that API paths do not contain traversal sequences (`..`).
- [SAFE]: External dependencies, such as the `truefoundry` CLI and container images (vLLM, TGI, NVIDIA NIM), originate from official vendor repositories or well-known, trusted registries, including AWS ECR, GitHub Container Registry, and NVIDIA NGC.
- [SAFE]: The skill enforces operational safety by requiring the AI agent to obtain explicit user confirmation before selecting or deploying to a workspace, mitigating the risk of unintended modifications to the user's environment.
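The first two findings describe two controls in the helper script: reading the `.env` file line by line instead of sourcing it, and checking the HTTP method against an allow-list and the API path for `..` before a request goes out. The script below is an added illustration of how a shell helper can implement both; it is not the skill's own `tfy-api.sh`, whose contents are not reproduced on this page. The function names, the method allow-list, the exact path rules (including the rejection of percent-encoded `..`) and the sample `.env` contents are assumptions made for this example; only the variable names `TFY_API_KEY` and `TFY_BASE_URL` come from the audit text. No network call is made.

```shell
#!/usr/bin/env bash
# Added illustration, not the ml-repos skill's own tfy-api.sh: load
# TFY_API_KEY / TFY_BASE_URL from a .env file without `source`, then validate
# the HTTP method and API path before a request URL is built. Function names,
# the allow-list and the path rules are assumptions made for this example.

# Read KEY=VALUE pairs one line at a time. Unlike `source file`, nothing in
# the file is ever executed: a line such as `$(curl evil)=x` is skipped
# because its key is not a shell identifier, and values are stored literally,
# so `$(...)` or backticks inside a value remain inert text.
load_env_file() {
  local file="$1" line key value
  [ -r "$file" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    # trim leading/trailing whitespace
    line="${line#"${line%%[![:space:]]*}"}"
    line="${line%"${line##*[![:space:]]}"}"
    # skip blanks, comments, and lines without '='
    case "$line" in ''|'#'*) continue ;; esac
    case "$line" in *=*) ;; *) continue ;; esac
    key="${line%%=*}"
    value="${line#*=}"
    # key must match [A-Za-z_][A-Za-z0-9_]*; anything else is dropped
    case "$key" in [A-Za-z_]*) ;; *) continue ;; esac
    case "$key" in *[!A-Za-z0-9_]*) continue ;; esac
    # strip one pair of matching quotes; the value is never evaluated
    case "$value" in
      \"*\") value="${value#\"}"; value="${value%\"}" ;;
      \'*\') value="${value#\'}"; value="${value%\'}" ;;
    esac
    export "$key=$value"
  done < "$file"
}

# Allow-list of HTTP methods; anything else (TRACE, CONNECT, lowercase typos)
# is refused rather than passed through to the HTTP client.
validate_method() {
  case "$1" in
    GET|POST|PUT|PATCH|DELETE) return 0 ;;
    *) return 1 ;;
  esac
}

# The path must stay under the platform base URL: exactly one leading '/',
# no '..' anywhere (literal or percent-encoded, any case), no scheme and no
# whitespace. Rejecting every '..' is deliberately conservative.
validate_path() {
  local p="$1" lower
  lower=$(printf '%s' "$p" | tr 'A-Z' 'a-z')
  case "$p" in
    //*) return 1 ;;   # protocol-relative: //other.host/... escapes the base
    /*) ;;             # ok: starts with a single '/'
    *) return 1 ;;     # relative or empty path
  esac
  case "$p" in
    *..*|*[[:space:]]*|*://*) return 1 ;;
  esac
  case "$lower" in
    *%2e%2e*|*%2e.*|*.%2e*) return 1 ;;   # encoded '..' variants
  esac
  return 0
}

# Compose the request URL only after both checks pass; it is printed on
# stdout so the caller can pass it, with the API key header, to its HTTP client.
build_request_url() {
  local method="$1" path="$2" base="${TFY_BASE_URL%/}"
  [ -n "$base" ] || { echo "TFY_BASE_URL is not set" >&2; return 1; }
  validate_method "$method" || { echo "method not allowed: $method" >&2; return 1; }
  validate_path "$path" || { echo "rejected path: $path" >&2; return 1; }
  printf '%s%s\n' "$base" "$path"
}

# Demo with a constructed .env; the key is a placeholder, not a real secret.
demo() {
  local tmp
  tmp=$(mktemp) || return 1
  printf '%s\n' \
    '# platform settings' \
    'TFY_BASE_URL="https://platform.example.com/"' \
    'TFY_API_KEY=tfy-example-placeholder' \
    '$(echo pwned)=x' > "$tmp"
  load_env_file "$tmp"
  rm -f "$tmp"
  build_request_url GET /api/svc/v1/workspaces           # accepted, printed
  build_request_url GET /api/svc/../admin || true        # rejected path
  build_request_url TRACE /api/svc/v1/workspaces || true # method not allowed
}

demo
```

The parser deliberately drops anything it does not recognise instead of trying to interpret it, which is what makes it safe against a crafted `.env`; the path check runs on the path alone, before it is joined to `TFY_BASE_URL`, so a value that would re-point the request at another host never reaches the URL.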
Audit Metadata