truefoundry-llm-deploy

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate deployment tool authored by TrueFoundry for their platform.
  • [COMMAND_EXECUTION]: The skill uses the tfy CLI and a custom bash script (tfy-api.sh) to manage deployments. The script includes validation for HTTP methods and paths to prevent misuse.
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the truefoundry Python package and uses container images from trusted registries (AWS ECR, GHCR, NVIDIA NGC) associated with the vendor or well-known services.
  • [CREDENTIALS_UNSAFE]: While the skill manages API keys, it instructs users to use environment variables or .env files and provides a tfy-secret:// syntax to avoid hardcoding secrets in manifests.
  • [PROMPT_INJECTION]: Instructions contain defensive security notes, warning the agent against fetching untrusted external content and advising caution with specific framework flags like --trust-remote-code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:18 PM