fw-app-dev
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE. Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill maintains an attack surface for indirect prompt injection because it ingests and processes untrusted user-supplied files (manifests and JavaScript code) as part of its core development and validation workflow.
- Ingestion points: Reads manifest.json, server.js, and app.js from the local workspace to perform validation, refactoring, and auto-fixes.
- Boundary markers: Includes specific security rules in rules/security.mdc that enforce input validation and the use of allowlists for SMI operations.
- Capability inventory: The skill has access to powerful tools including shell (running fdk validate, node, npm), read, and write for app creation and testing.
- Sanitization: Instructions in rules/security.mdc mandate string sanitization and the rejection of malformed or unexpected data before processing.
- [EXTERNAL_DOWNLOADS]: The skill's templates and documentation reference various external assets and scripts necessary for app development.
- Fetches the Freshworks Crayons component library and SDK from official CDNs (e.g., cdn.jsdelivr.net, static.freshdev.io, unpkg.com).
- References official Microsoft Graph, Slack, and Stripe API endpoints in integration playbooks.
- These downloads originate from well-known services or the official vendor domain and are documented as standard platform requirements.
Audit Metadata