fw-publish
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates shell commands for the app development lifecycle, including environment version checks, 'fdk validate', and 'fdk pack'. These commands are necessary for the stated purpose of preparing apps for publication.
- [SAFE]: The skill provides a configuration subagent ('subagents/mcp-config-prompt.md') that guides users through setting up authentication. It implements security best practices by using 'read -sp' for hidden secret input and applying restrictive 'chmod 600' permissions to configuration files created on the local filesystem.
- [SAFE]: Network activity is restricted to binary uploads via authenticated PUT requests to generated URLs and interactions with official Freshworks MCP endpoints. There are no indications of data exfiltration or unauthorized access to sensitive files.
Audit Metadata