fw-publish
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the use of local development tools including
fdk,zip,unzip,jq, andcurl. These tools are used to validate the application manifest, package the codebase into a distributable archive, and handle the binary upload to the Marketplace storage. - [DATA_EXFILTRATION]: Application source code is packaged and uploaded to a presigned S3 URL generated via the official Freshworks Developer Portal API. This is the intended core functionality of the skill, triggered only during the publishing phase.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides standard installation instructions using
npxand the Claude plugin marketplace, targeting the officialfreshworks-developersGitHub repository. It also retrieves data from the verifiedmcp.freshworks.devservice endpoint. - [CREDENTIALS_UNSAFE]: The skill includes a configuration script in
subagents/mcp-config-prompt.mdto help users store their Developer Portal API keys for the IDE. The script implements security best practices by usingread -spto hide sensitive input and applyingchmod 600to the resulting configuration file (~/.cursor/mcp.json) to prevent unauthorized access. - [PROMPT_INJECTION]: The skill processes user-controlled data in the form of
manifest.jsonfiles to extract metadata for the publishing API. - Ingestion points: Reads
platform-version,name, andmodulesfrom the project'smanifest.jsonfile. - Boundary markers: None; the skill assumes the manifest follows the standard Freshworks Platform 3.0 JSON schema.
- Capability inventory: The skill has access to shell execution (
fdk,zip,curl) and network-based MCP tool calls. - Sanitization: The skill reads fields as JSON scalars and passes them as parameters to MCP tools; no specific sanitization or escaping of the manifest content is described before interpolation.
Audit Metadata