truefoundry-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the official 'truefoundry' Python package and CLI tool using standard package managers (pip and uv). These resources originate from the skill's author and are used for their intended purpose of platform interaction.- [CREDENTIALS_UNSAFE]: The skill guides users through the configuration of platform credentials (TFY_API_KEY and TFY_BASE_URL). It explicitly instructs users to manage these secrets securely using environment variables or .env files, emphasizing that such files should be excluded from version control via .gitignore.- [COMMAND_EXECUTION]: Provides helper scripts ('tfy-api.sh' and 'tfy-version.sh') that utilize standard shell utilities like curl and grep. These scripts include safety checks, such as preventing path traversal in API endpoints and avoiding the use of dangerous commands like 'eval' or 'source' on untrusted input.
Audit Metadata