ai-gateway

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash helper script (tfy-api.sh) and the TrueFoundry CLI (tfy) to perform authenticated operations against the platform. These commands are restricted to the intended management functions of the skill and include basic validation such as path traversal checks.
  • [CREDENTIALS_UNSAFE]: The skill manages platform authentication via Personal Access Tokens (PAT) and Virtual Access Tokens (VAT). It correctly instructs users to use environment variables or .env files for local secret management and provides specific warnings against practices that would leak credentials into shell history.
  • [DATA_EXFILTRATION]: Network communication is directed solely to the user-specified TrueFoundry platform endpoint (TFY_BASE_URL) for legitimate API operations. No unauthorized data exfiltration patterns were identified.
  • [REMOTE_CODE_EXECUTION]: The skill recommends the installation of the official 'truefoundry' Python package from a standard registry. It does not employ dangerous patterns like piping remote scripts directly into a shell.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 08:24 PM