fw-publish

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the use of local development tools including fdk, zip, unzip, jq, and curl. These tools are used to validate the application manifest, package the codebase into a distributable archive, and handle the binary upload to the Marketplace storage.
  • [DATA_EXFILTRATION]: Application source code is packaged and uploaded to a presigned S3 URL generated via the official Freshworks Developer Portal API. This is the intended core functionality of the skill, triggered only during the publishing phase.
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides standard installation instructions using npx and the Claude plugin marketplace, targeting the official freshworks-developers GitHub repository. It also retrieves data from the verified mcp.freshworks.dev service endpoint.
  • [CREDENTIALS_UNSAFE]: The skill includes a configuration script in subagents/mcp-config-prompt.md to help users store their Developer Portal API keys for the IDE. The script implements security best practices by using read -sp to hide sensitive input and applying chmod 600 to the resulting configuration file (~/.cursor/mcp.json) to prevent unauthorized access.
  • [PROMPT_INJECTION]: The skill processes user-controlled data in the form of manifest.json files to extract metadata for the publishing API.
  • Ingestion points: Reads platform-version, name, and modules from the project's manifest.json file.
  • Boundary markers: None; the skill assumes the manifest follows the standard Freshworks Platform 3.0 JSON schema.
  • Capability inventory: The skill has access to shell execution (fdk, zip, curl) and network-based MCP tool calls.
  • Sanitization: The skill reads fields as JSON scalars and passes them as parameters to MCP tools; no specific sanitization or escaping of the manifest content is described before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 08:52 AM
Security Audit — agent-trust-hub — fw-publish