Skills
skills/truefoundry/tfy-gateway-skills/tracing/Gen Agent Trust Hub

tracing

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs standard application instrumentation and cloud platform management tasks for the TrueFoundry tracing platform.
  • [COMMAND_EXECUTION]: Uses local Bash scripts (scripts/tfy-api.sh and scripts/tfy-version.sh) to interact with the TrueFoundry API and detect environment versions. The API helper script includes security checks to prevent path traversal (e.g., checking for ..) in API paths.
  • [EXTERNAL_DOWNLOADS]: Orchestrates the installation of standard observability packages: traceloop-sdk for Python and @traceloop/node-server-sdk for Node.js. These are well-known libraries aligned with the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: Appropriately handles sensitive information by recommending the use of environment variables or .env files for the TFY_API_KEY. The tfy-api.sh script parses .env files line-by-line without using the unsafe source command.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 08:24 PM