truefoundry-onboard

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the CLI lifecycle, including checking versions, performing interactive logins, and running Python scripts to inspect local configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided tenant URLs into shell commands.
  • Ingestion points: User input for the tenant URL in Step 4 of SKILL.md.
  • Boundary markers: The URL is wrapped in double quotes in the tfy login command, but no explicit delimiters or "ignore embedded instructions" warnings are provided to the agent.
  • Capability inventory: The skill has access to standard Bash tools and Python as defined in the allowed-tools metadata.
  • Sanitization: There is no evidence of validation, sanitization, or escaping of the user-provided URL string before execution.
  • [EXTERNAL_DOWNLOADS]: The skill installs the truefoundry Python package via pip or uv. As this is a vendor-owned package, this is considered an expected functional behavior for an onboarding tool.
  • [COMMAND_EXECUTION]: The skill reads the ~/.truefoundry/credentials.json file using a Python script. While this involves accessing sensitive credential metadata on the local file system, it is restricted to the vendor's own application directory for state verification purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 09:28 PM
Security Audit — agent-trust-hub — truefoundry-onboard