access-control
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates management of roles, teams, and collaborators on the TrueFoundry platform.
- [SAFE]: Authentication is performed using standard environment variables (TFY_API_KEY and TFY_BASE_URL) or values from a .env file. The helper script tfy-api.sh implements a safe line-by-line parser for .env files to avoid executing arbitrary code or using shell expansion on untrusted input.
- [SAFE]: Network operations are confined to the user-specified TFY_BASE_URL for interacting with the TrueFoundry API. The skill does not attempt to send data to unknown external domains.
- [SAFE]: The helper script tfy-api.sh includes validation to prevent path traversal attacks by ensuring the API path starts with a forward slash and does not contain directory traversal sequences (e.g., '..').
- [SAFE]: Privileged operations such as creating or deleting roles and adding collaborators are explicitly noted in the instructions as requiring human approval (HITL) and verification of identities.
- [SAFE]: External references for container images target trusted and well-known registries including Amazon ECR (public.ecr.aws), GitHub Container Registry (ghcr.io), and NVIDIA's NGC catalog.
Audit Metadata