freshworks-fdk-setup-skill
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses a piped-to-shell execution pattern to install dependencies.
  - It executes a remote script from the `nvm-sh` GitHub repository using `curl | bash` to install Node Version Manager.
  - It leverages the `Task` tool to spawn subagents that autonomously execute shell commands based on dynamically generated prompts.
- [EXTERNAL_DOWNLOADS]: The skill fetches resources from external repositories and CDNs.
  - Downloads the NVM installation script from GitHub.
  - Downloads FDK CLI packages from the vendor's CDN at `cdn.freshdev.io`.
  - Accesses the Freshworks Developers Homebrew tap for macOS installations.
- [COMMAND_EXECUTION]: The skill performs persistent system configurations and administrative tasks.
  - Modifies user shell profiles (`~/.zshrc`, `~/.bash_profile`, `~/.bashrc`) to add environment variables (`FDK_NODE_VERSION`) and aliases (`fdk-env`).
  - Recommends that Windows users bypass execution policies (`Set-ExecutionPolicy Bypass`) and run sessions as Administrator for installation.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) in its argument processing.
  - Ingestion points: The `version` string provided as a command argument for the `/fdk-setup downgrade` operation in `SKILL.md`.
  - Boundary markers: Absent; the user-provided version string is interpolated directly into the subagent's prompt without delimiters.
  - Capability inventory: The resulting subagent has full access to the `shell` tool, enabling file system writes and command execution.
  - Sanitization: No validation or escaping is applied to the `$ARGUMENTS` before they are passed into the subagent's logic block.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh - DO NOT USE without thorough review
Audit Metadata