truefoundry-ai-gateway
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strong security practices by requiring explicit user confirmation before selecting a workspace, preventing accidental configuration of the wrong environment.
- [SAFE]: Instructions correctly emphasize the use of 'tfy-secret://' references instead of hardcoding sensitive credentials like API keys or passwords in manifest files.
- [SAFE]: The provided helper script 'tfy-api.sh' includes validation for HTTP methods and basic path traversal checks to ensure API interactions remain within intended boundaries.
- [SAFE]: Documentation includes explicit warnings against fetching or parsing content from external, untrusted sources to prevent indirect prompt injection attacks.
Audit Metadata