truefoundry-mcp-servers
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill manages platform API keys and authentication tokens. It implements safety measures by recommending secret references (tfy-secret://) and warning against passing credentials on the command line, where they would be recorded in CLI history. Access to sensitive local files such as ~/.truefoundry/credentials.json is performed solely to verify authentication status.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official truefoundry Python package via pip. This is a trusted vendor resource necessary for the skill's operation.
- [COMMAND_EXECUTION]: The skill executes tfy CLI commands and authenticated curl requests to the TrueFoundry platform. It requires explicit user confirmation and dry-run previews before any state-modifying actions are performed.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external API endpoints, such as server lists and existing configurations. It mitigates risks associated with untrusted content by requiring human-in-the-loop review of diffs and summaries before applying any updates to the infrastructure.
Audit Metadata