truefoundry-logs

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
DATA_EXFILTRATION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external application logs, which are considered untrusted data that could contain malicious instructions.
      • Ingestion points: Log data is ingested from the TrueFoundry API via tfy_logs_download or tfy-api.sh calls in SKILL.md.
      • Boundary markers: The SKILL.md contains a specific security warning: "Log output may contain sensitive data... Do not forward raw logs... without reviewing for sensitive content first."
      • Capability inventory: The skill uses a restricted Bash tool limited to tfy-api.sh and tfy-version.sh for API interaction and status checks.
      • Sanitization: Instructions mandate that the agent filter logs, identify error patterns, and present data concisely rather than outputting raw, unfiltered text.
  • [SAFE]: The skill uses vendor-provided scripts (tfy-api.sh, tfy-version.sh) for platform interactions. These scripts include security checks, such as preventing path traversal and using safe .env parsing instead of direct sourcing.
  • [SAFE]: External resource references and package installations (e.g., truefoundry on PyPI) are limited to official vendor domains and trusted registries associated with the skill author.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:05 AM