prompts

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard management tool for TrueFoundry services and does not contain any malicious behavior or security bypasses.
  • [COMMAND_EXECUTION]: Provides authenticated helper scripts (tfy-api.sh, tfy-version.sh) for interacting with the TrueFoundry API. These scripts are properly scoped and include validation to prevent common attacks like path traversal.
  • [EXTERNAL_DOWNLOADS]: References the truefoundry Python package and various official container images from trusted registries (AWS ECR, GHCR, NVIDIA). These are documented for legitimate service deployment and management.
  • [CREDENTIALS_UNSAFE]: Promotes secure secret management by using environment variables, .env files, and tfy-secret:// references instead of hardcoding sensitive data.
  • [PROMPT_INJECTION]: While the skill manages LLM prompts (an indirect injection surface), it explicitly includes warnings to review prompt content from untrusted sources before creation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 08:25 PM