fdk-setup
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Freshworks Development Kit from the vendor-owned domain
freshdev.ioand the Node Version Manager (nvm) from its official GitHub repository. These sources are considered well-known and trusted for their respective purposes. - [REMOTE_CODE_EXECUTION]: The installation process for nvm involves downloading a script and piping it directly to bash. While this is a sensitive pattern, it is the standard and official installation method for nvm and targets a trusted source.
- [COMMAND_EXECUTION]: The skill uses environment detection (e.g.,
uname -s,fdk version) to provide context for its shell subagents. It also includes scripts for managing background processes, such asfdk runandfdk tunnel, which include process termination commands to resolve port conflicts during development. - [PROMPT_INJECTION]: The instructions utilize strong imperative language (e.g., "ZERO TOLERANCE", "MANDATORY ENFORCEMENT") to ensure the agent verifies installation persistence. These constraints are aligned with the skill's primary function of providing a reliable development environment and do not attempt to bypass agent safety filters or override core behavior.
- [DATA_EXFILTRATION]: The skill modifies shell profiles (
~/.zshrc,~/.bashrc) to ensure global command availability. This process includes creating backups of the configuration files. No evidence was found of sensitive data, such as credentials or private keys, being accessed or transmitted externally.
Audit Metadata