tracing
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the installation of legitimate OpenTelemetry instrumentation libraries (
traceloop-sdkand@traceloop/node-server-sdk) through official package registries (PyPI and NPM). - [SAFE]: API communication is conducted via an authenticated wrapper script (
tfy-api.sh) that targets the organization's designated TrueFoundry instance, with built-in checks to prevent path traversal. - [SAFE]: The skill explicitly instructs users to manage sensitive credentials like
TFY_API_KEYthrough environment variables or secure secret management skills rather than hardcoding them in application code. - [SAFE]: External container images referenced in the documentation are sourced from reputable providers, including Amazon ECR, GitHub Container Registry, and NVIDIA's NGC catalog.
- [SAFE]: Analysis of the helper scripts and deployment templates revealed no evidence of obfuscation, persistence mechanisms, or unauthorized privilege escalation attempts.
Audit Metadata