freshworks-publish-skill
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary logic in `SKILL.md` utilizes the `shell` tool to execute `fdk` commands such as `fdk validate`, `fdk pack`, and `fdk version`. It also uses standard Unix utilities including `find`, `ls`, `cat`, `du`, and `grep` to manage files and parse metadata within the app directory.
- [PROMPT_INJECTION]: The `SKILL.md` file defines an 'AUTONOMOUS' execution mode, instructing the agent to run commands immediately without user confirmation. While this bypasses standard human-in-the-loop safeguards for shell operations, it is a declared functional characteristic for task efficiency.
- [PROMPT_INJECTION]: The skill presents a surface for potential indirect prompt injection by processing external data.
  - Ingestion points: Reads local app files including `manifest.json` and `coverage/coverage-summary.json` (documented in `SKILL.md`).
  - Boundary markers: None identified; the skill processes command output directly.
  - Capability inventory: Access to `shell`, `read`, and `write` tools.
  - Sanitization: Contents of parsed JSON files are used to generate checklists without explicit sanitization steps.
- [EXTERNAL_DOWNLOADS]: The `README.md` and reference documents provide instructions for installing the skill and the FDK CLI tool. These references point to official Freshworks developer repositories and standard package registries, which are trusted vendor sources.
- [DATA_EXFILTRATION]: The skill accesses local files like `manifest.json` to extract metadata (app name, version, products) and `coverage-summary.json` to verify test metrics. This information is used solely to generate submission guidance and packages locally, with no observed unauthorized network transmission.
Audit Metadata