truefoundry-service-test

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides logic to automatically install the vendor's command-line interface and Python library from the standard package registry if they are not already present in the environment.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute shell commands for service health checks, smoke testing, and performance validation using tools like curl.
  • [PROMPT_INJECTION]: The skill identifies a potential attack surface for indirect prompt injection within the responses of the services being tested. It incorporates specific guidance for the agent to treat these responses as untrusted third-party content and avoid interpreting instructions embedded in them.
    • Ingestion points: HTTP response bodies returned from services during health and endpoint tests in SKILL.md.
    • Boundary markers: Explicit security warnings in the Layer 3 instructions of the SKILL.md file.
    • Capability inventory: Access to shell command execution through the Bash tool and interaction with the TrueFoundry platform API.
    • Sanitization: Guidelines for the agent to parse only structured metadata and HTTP status codes rather than interpreting response body text.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:18 PM