agents

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash helper script (scripts/tfy-api.sh) to wrap curl commands for interacting with the TrueFoundry REST API. This script includes safety checks such as validating HTTP methods and preventing path traversal (e.g., checking for .. in paths).
  • [EXTERNAL_DOWNLOADS]: The skill documentation refers to the truefoundry Python package and various container images hosted on well-known and trusted registries, including Amazon ECR (public.ecr.aws/truefoundrycloud), GitHub Container Registry (ghcr.io/huggingface), and NVIDIA NGC (nvcr.io/nim). These are standard resources for the vendor's platform.
  • [CREDENTIALS_UNSAFE]: Authentication is managed through the TFY_API_KEY environment variable. The skill correctly instructs the user to manage this key via environment variables or a .env file, and the API helper script parses the .env file using a safe line-by-line method rather than sourcing it directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:24 PM