workspaces
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to interact with the TrueFoundry platform via its official REST API. All identified endpoints (e.g., truefoundry.cloud) belong to the vendor's infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the 'truefoundry' Python package and communicates with the TrueFoundry API using curl. These interactions are directed towards trusted vendor resources and well-known registries (PyPI), which is standard for the skill's purpose.
- [COMMAND_EXECUTION]: The skill uses two Bash scripts, 'tfy-api.sh' and 'tfy-version.sh', to facilitate API requests and detect tool versions. These scripts include security checks, such as validating API paths to prevent directory traversal and using arrays for safe command construction.
- [PROMPT_INJECTION]: The skill documentation includes a 'HARD RULE' requiring the agent to obtain explicit user confirmation before selecting a workspace for deployment, serving as a safety guardrail against unintended modifications.
Audit Metadata