truefoundry-docs

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation, deployment guides, and API references from the official TrueFoundry domain (truefoundry.com).
  • [COMMAND_EXECUTION]: Executes the official TrueFoundry CLI (tfy) and recommended Python package to manage platform resources and deployments.
  • [COMMAND_EXECUTION]: Uses helper scripts (tfy-api.sh and tfy-version.sh) to interact with the platform API and check environment compatibility. These scripts include security measures like path-traversal validation and safe environment variable loading.
  • [DATA_EXFILTRATION]: Accesses TFY_API_KEY and TFY_BASE_URL to authenticate requests to the TrueFoundry platform. Credentials are used only for authorized vendor API communication; no exfiltration to third-party domains was detected.
  • [PROMPT_INJECTION]: The skill processes content fetched from the web, which creates a surface for indirect prompt injection. However, the skill includes comprehensive warnings and instructions for the agent to summarize content rather than follow instructions from external URLs, effectively mitigating the risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:04 AM