freshworks-app-dev-skill

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Command Execution (HIGH): The files .cursor/rules/validation-autofix.mdc and .cursor/rules/validation-workflow.mdc instruct the AI agent to automatically execute shell commands (fdk validate). The instructions explicitly state that this "MUST happen automatically" and "DO NOT ask user to run it manually," which is a high-risk attempt to bypass the security boundary of user confirmation for code execution.
  • External Downloads (HIGH): The README.md recommends using npx @freshworks-developers/freshworks_app_dev_skill. This pattern downloads and executes remote code from the npm registry from an organization (@freshworks-developers) that is not on the trusted external sources list.
  • Indirect Prompt Injection (LOW): The skill implements an automated "autofix" loop that ingests output from the fdk validate command to influence subsequent code generation.
      • Ingestion points: Terminal output from the fdk validate CLI command.
      • Boundary markers: None identified; the AI is instructed to "Parse validation output" directly.
      • Capability inventory: Subprocess execution (terminal), file-write (autofixing), and network operations (request templates).
      • Sanitization: No sanitization or escaping of the CLI output is defined before the AI processes it to generate new code.
  • Command Execution (MEDIUM): The repository includes scripts/cleanup_old_rules.sh, which uses rm -f to delete files. While the script targets specific rule names, automated deletion logic should be reviewed to prevent unintended data loss.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 10:26 AM