fdk-file-fetcher
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches source code files from GitHub's official repositories (gofynd/fdk-react-templates) via api.github.com and raw.githubusercontent.com. These are recognized as well-known and safe technological services.
- [COMMAND_EXECUTION]: The skill executes a Node.js script (fdk_file_fetcher.js) to perform logic for local project root detection, lockfile parsing, and file creation.
- [DATA_EXFILTRATION]: The script reads the project's package-lock.json file to extract the specific commit hash of a dependency. This data is used solely to construct the correct download URL for GitHub and is not transmitted to any untrusted third-party domains.
Audit Metadata