truefoundry-access-control

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash script (scripts/tfy-api.sh) as a wrapper for curl to communicate with the TrueFoundry API. The script implements checks to validate HTTP methods and prevent path traversal in API endpoints.
  • [EXTERNAL_DOWNLOADS]: The documentation references official TrueFoundry container images and recommends installing the truefoundry Python package. These are verified vendor resources and do not represent a security risk.
  • [CREDENTIALS_UNSAFE]: Secret management follows recommended practices, using environment variables and .env files for authentication. Manifests use tfy-secret:// references to avoid plaintext exposure of sensitive data.
  • [PROMPT_INJECTION]: The instructions include security warnings and mandatory human-in-the-loop (HITL) checkpoints for all modification and deletion operations, mitigating risks from adversarial inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 11:53 PM
Security Audit — agent-trust-hub — truefoundry-access-control