fdk-setup

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the Freshworks Development Kit from the vendor-owned domain freshdev.io and the Node Version Manager (nvm) from its official GitHub repository. These sources are considered well-known and trusted for their respective purposes.
  • [REMOTE_CODE_EXECUTION]: The installation process for nvm involves downloading a script and piping it directly to bash. While this is a sensitive pattern, it is the standard and official installation method for nvm and targets a trusted source.
  • [COMMAND_EXECUTION]: The skill uses environment detection (e.g., uname -s, fdk version) to provide context for its shell subagents. It also includes scripts for managing background processes, such as fdk run and fdk tunnel, which include process termination commands to resolve port conflicts during development.
  • [PROMPT_INJECTION]: The instructions utilize strong imperative language (e.g., "ZERO TOLERANCE", "MANDATORY ENFORCEMENT") to ensure the agent verifies installation persistence. These constraints are aligned with the skill's primary function of providing a reliable development environment and do not attempt to bypass agent safety filters or override core behavior.
  • [DATA_EXFILTRATION]: The skill modifies shell profiles (~/.zshrc, ~/.bashrc) to ensure global command availability. This process includes creating backups of the configuration files. No evidence was found of sensitive data, such as credentials or private keys, being accessed or transmitted externally.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 05:23 PM
Security Audit — agent-trust-hub — fdk-setup