prompts
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by TrueFoundry and manages resources on the TrueFoundry platform using official APIs and CLI tools. All analyzed behaviors align with its stated purpose.
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts (scripts/tfy-api.sh, scripts/tfy-version.sh) and the tfy CLI to interact with the platform. These scripts include safety checks, such as preventing path traversal and validating HTTP methods.
- [EXTERNAL_DOWNLOADS]: The skill references container images and configurations from well-known and trusted sources, including TrueFoundry's official Amazon ECR repository, GitHub Container Registry (Hugging Face), and NVIDIA's NGC catalog.
- [CREDENTIALS_UNSAFE]: The skill handles authentication via the TFY_API_KEY, which it reads from environment variables or a local .env file. This is standard and documented behavior for interacting with the TrueFoundry REST API.
- [SAFE]: The skill includes explicit instructions for agents to confirm workspace selection with the user, mitigating the risk of accidental deployment to incorrect environments.
Audit Metadata