truefoundry-ai-monitoring

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash script (tfy-api.sh) to perform authenticated API calls using curl. The script is well-structured and includes validation to prevent path traversal and shell injection.
  • [DATA_EXFILTRATION]: The skill transmits the TFY_API_KEY (as a Bearer token) to the API endpoint specified in the TFY_BASE_URL environment variable. This is the standard and intended authentication method for the TrueFoundry platform.
  • [PROMPT_INJECTION]: The skill documentation (references/container-versions.md) contains specific instructions to the agent to avoid fetching or parsing content from third-party release pages, which mitigates the risk of indirect prompt injection from untrusted web content.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets were found. The skill correctly instructs users to manage sensitive API keys via environment variables or .env files, and the API helper script parses these safely.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:04 AM