truefoundry-prompts

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the tfy CLI and curl via a provided helper script (tfy-api.sh) to communicate with the TrueFoundry platform. This is the primary method for managing resources in the registry.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing the truefoundry Python package from the official PyPI registry to provide CLI functionality.
  • [DATA_EXFILTRATION]: The skill accesses ~/.truefoundry/credentials.json and uses the TFY_API_KEY environment variable to authenticate requests to the user's TrueFoundry tenant. This access is local and required for the skill to function as an authenticated client for the vendor's service.
  • [SAFE]: No malicious patterns such as obfuscation, unauthorized persistence, or privilege escalation were detected. The skill's behavior is consistent with its stated purpose of prompt management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 09:28 PM