docs

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts exclusively with official TrueFoundry platform domains (truefoundry.com, truefoundry.cloud) and trusted container registries such as AWS ECR, GHCR, and NVIDIA NGC.
  • [SAFE]: Credential management is handled securely via environment variables and .env files. The documentation provides explicit instructions for the agent to avoid logging or exposing secret tokens.
  • [SAFE]: The included helper script tfy-api.sh implements security validations, including checks for allowed HTTP methods and protection against path traversal in API paths.
  • [SAFE]: Python package dependencies, specifically the truefoundry SDK, are vendor-specific and version-pinned.
  • [SAFE]: The skill demonstrates high security awareness by explicitly instructing the agent to avoid ingesting content from untrusted third-party release pages to prevent indirect prompt injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:25 PM