truefoundry-integrate-gateway
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and scripts (including `scan.sh` and `verify-gateway.sh`) to perform codebase analysis, search for files using `find` and `rg`, and verify the gateway using `curl` and `python3`.
- [CREDENTIALS_UNSAFE]: The skill reads the local `~/.truefoundry/credentials.json` file to verify the user's login status and utilizes the `scan.sh` script to audit the codebase for hardcoded API keys and environment variable references. These actions are transparent and necessary for the skill's primary purpose of migrating credentials to the TrueFoundry Secrets manager.
- [DATA_EXFILTRATION]: The `verify-gateway.sh` script and Phase 6 of the integration flow send test requests to the TrueFoundry Gateway (gateway.truefoundry.ai). This network activity is documented and directed to the vendor's official infrastructure for smoke testing and latency verification.
- [PROMPT_INJECTION]: The skill processes untrusted project data during the scanning phase, creating a surface for indirect prompt injection. The skill implements the following safeguards:
  - Ingestion points: Project source files are read and analyzed by `scripts/scan.sh` and Phase 2 of the skill.
  - Boundary markers: The skill requires the generation of a migration plan report and explicit user confirmation before any modifications are executed.
  - Capability inventory: The skill possesses capabilities for filesystem modification (updating `.env` and `.gitignore`), shell execution (`bash`, `rg`), and network communication (`curl`).
  - Sanitization: Phase 1 includes a critical safety check to ensure that `.env` files are ignored by git before processing any sensitive data.
Audit Metadata