truefoundry-platform

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a helper script (scripts/tfy-api.sh) to perform authenticated REST API calls to the TrueFoundry platform using curl. The script includes security checks to prevent path traversal in API paths.
  • [COMMAND_EXECUTION]: The skill provides instructions for installing and managing the truefoundry Python package and CLI tool using pip and uv package managers.
  • [COMMAND_EXECUTION]: Local file access is performed to verify existing login credentials at ~/.truefoundry/credentials.json, which is the standard configuration path for the TrueFoundry CLI.
  • [SAFE]: The skill implements strict security policies for handling sensitive data, such as masking Personal Access Tokens (PATs) and requiring explicit user confirmation before displaying them. It also mandates Human-In-The-Loop (HITL) approval for destructive or resource-creating operations.
  • [SAFE]: Network operations are restricted to the user-configured TrueFoundry base URL and are used exclusively for platform management functions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 09:28 PM