truefoundry-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages setup and registration using the official truefoundry CLI and Python package. Installations use pinned versions (e.g., truefoundry==0.5.0) from standard registries.
- [SAFE]: API communication is handled through a custom shell wrapper (tfy-api.sh) that implements secure credential handling, validates against path traversal, and uses standard authentication headers.
- [SAFE]: Sensitive configuration data is stored in local environment variables or .env files, which is consistent with standard developer workflows and local project security practices.
- [SAFE]: All external resource references, including API endpoints (.truefoundry.cloud) and container images (public.ecr.aws/truefoundrycloud/), belong to the official vendor infrastructure.
- [SAFE]: The skill includes explicit instructions for the agent to avoid fetching untrusted third-party content from external release pages, reducing the risk of indirect prompt injection.