truefoundry-secrets
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill implements strict policies for handling sensitive data, instructing the agent to never log or display full secret values and to use environment variables for secret transmission. It also leverages standard `.env` file loading for local configuration, which is a recognized safe practice for secret management.
- [COMMAND_EXECUTION]: Shell execution is restricted via the `allowed-tools` configuration to a specific helper script (`tfy-api.sh`). This script performs authenticated API calls and includes validation to prevent path traversal in API endpoints.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the official `truefoundry` CLI from PyPI. This is a standard installation from a trusted source and does not represent a security risk.
- [INDIRECT_PROMPT_INJECTION]: The skill manages secrets which are potentially untrusted data sources. This risk is mitigated by instructing the agent to use `jq` for secure JSON construction and encouraging the use of environment variable indirection instead of direct string interpolation.
Audit Metadata