Skills
skills/truefoundry/tfy-gateway-skills/integrations/Gen Agent Trust Hub

integrations

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts (tfy-api.sh, tfy-version.sh) and optionally the TrueFoundry CLI (tfy). The scripts include validation logic for HTTP methods and path traversal, ensuring commands remain within the scope of intended platform operations.
  • [DATA_EXFILTRATION]: Network operations are directed to the user-specified TFY_BASE_URL. The skill implements a robust credential handling policy that prohibits the storage or display of raw API keys, requiring all sensitive values to be referenced through TrueFoundry's internal secret management system.
  • [PROMPT_INJECTION]: The instructions include defensive prompts that direct the agent to refuse raw credentials from users and warn them about security risks, effectively mitigating potential credential injection attempts during the integration setup process.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 08:25 PM