truefoundry-prompts

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill manages resources via the TrueFoundry API, using standard authentication mechanisms and following vendor-recommended practices.
  • [SAFE]: Sensitive information such as API keys is handled through environment variables or local .env files, with clear instructions and script logic to prevent accidental exposure in logs or shell history.
  • [SAFE]: The tfy-api.sh script includes security guardrails, including validation to prevent path traversal attacks (rejecting ".." segments in paths) and array-based argument passing for shell commands to prevent command injection.
  • [SAFE]: The skill uses the allowed-tools configuration to restrict the agent's capabilities, limiting shell execution to the specific provided helper script.
  • [SAFE]: Explicit safety instructions are included to warn the agent against ingesting prompt content from untrusted external sources without user review, mitigating potential indirect prompt injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:05 AM