truefoundry-access-tokens

Fail

Audited by Snyk on Apr 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to reveal newly-created personal access tokens verbatim (one-time full token reveal) upon user confirmation, which requires the LLM to output secret values directly and thus poses an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly allows registering hosted A2A agents and remote OpenAPI specs that are fetched at runtime (e.g., agent_card_url "https://research-agent.example.com/.well-known/agent.json" and remote spec "https://api.weather.example.com/openapi.json"). The manifest/schema text states that those remote resources are fetched and converted into agent tools or can influence agent behavior, so they are runtime external dependencies that can directly control prompts or capabilities.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 15, 2026, 06:04 AM
Issues: 2