truefoundry-ml-repos

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes data returned by the TrueFoundry API, such as repository names and model identifiers. This is an indirect prompt injection surface: resources with maliciously crafted names could influence agent behavior.
    • Ingestion points: GET /api/ml/v1/ml-repos and GET /api/ml/v1/models in SKILL.md.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded content are used when presenting results.
    • Capability inventory: Shell execution via whitelisted Bash calls and file system access to local development paths.
    • Sanitization: No explicit validation or filtering of API-returned strings is performed before they are placed in the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill includes logic to automatically install the truefoundry CLI (version 0.5.0) and its dependencies from the official PyPI registry if the tool is not found locally.
    • Source: pip install 'truefoundry==0.5.0' and uv tool install commands documented in references/prerequisites.md.
    • Evidence: The installation commands target the vendor's own package in support of the skill's primary function.
  • [COMMAND_EXECUTION]: The skill uses dedicated bash scripts (scripts/tfy-api.sh and scripts/tfy-version.sh) to interact with system tools and the vendor API.
    • Evidence: tfy-api.sh is whitelisted in SKILL.md's allowed-tools and includes defensive measures such as path validation and safe environment variable parsing.
    • Evidence: tfy-version.sh executes pip and the tfy CLI to report version information back to the agent as structured JSON.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 10:18 PM