secrets
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard administrative extension for the TrueFoundry platform, providing tools to manage secret groups and values.
- [SAFE]: Implements a mandatory security policy that prohibits the agent from displaying or logging raw secret values, requiring the use of environment variable indirection instead.
- [COMMAND_EXECUTION]: Includes a local helper script `scripts/tfy-api.sh` that wraps `curl` to interact with the TrueFoundry REST API. The script includes basic validation to prevent path traversal and ensures secure handling of the `TFY_API_KEY` via authorization headers.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the official `truefoundry` Python package for CLI functionality, which is a trusted vendor resource.
- [PROMPT_INJECTION]: Contains explicit instructions for the agent to ignore potentially malicious content on external release pages (GitHub, NGC, HuggingFace) to mitigate indirect prompt injection risks.
Audit Metadata