volumes
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a custom helper script,
tfy-api.sh, to perform authenticated REST API calls to the TrueFoundry platform. This script implements several security measures: it validates the API path to prevent directory traversal attacks (checking for '..'), uses shell arrays for command arguments to prevent injection, and includes a custom parser for.envfiles that avoids the risks associated with sourcing untrusted shell scripts. - [EXTERNAL_DOWNLOADS]: The skill's documentation recommends the installation of the official
truefoundryPython package to enable CLI-based resource management. This is a standard and expected operation for interacting with the TrueFoundry service. - [DATA_EXFILTRATION]: The skill communicates with the TrueFoundry platform API to transmit resource manifests and configuration settings. This data transfer is restricted to the endpoint specified in the
TFY_BASE_URLenvironment variable and is the primary intended function of the skill.
Audit Metadata