fw-app-dev
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the shell tool to perform environment checks (node --version, fdk version), execute application validation workflows (fdk validate), and manage project dependencies (npm install). These operations are required for its function as a development and orchestration layer for the Freshworks SDK.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of the Freshworks FDK CLI from cdn.freshdev.io and provides paths to fetch additional developer tools from the author's official GitHub repository (github.com/freshworks-developers). These sources are verified and consistent with the skill's stated purpose.
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to install global CLI tools from remote tarballs and add sibling skills using npx. This behavior is limited to the toolchain setup process and targets official vendor infrastructure.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it is designed to read, analyze, and modify third-party source code (e.g., manifest.json, server.js). This is inherent to its role as an automated auditor and developer tool. The risk is managed through specific security rules (e.g., rules/security.mdc) that guide the agent to handle user-provided code safely.
Audit Metadata