truefoundry-access-tokens

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements a robust security policy that forbids the agent from repeating, storing, or logging access tokens. It mandates that token values are shown only once upon creation and only after explicit human confirmation.
  • [EXTERNAL_DOWNLOADS]: In the prerequisites documentation, the skill includes shell commands to automatically install the truefoundry Python package and its dependencies from PyPI. These downloads target official vendor software required for the skill's operation.
  • [COMMAND_EXECUTION]: The skill uses a bash helper script (tfy-api.sh) to execute authenticated curl commands. This script performs input validation on API paths to prevent path traversal and securely handles credentials from the local environment or configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:18 PM