freshworks-fdk-setup-skill

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's subagent workflow explicitly fetches and executes external public content as mandatory runtime steps (e.g., piping the nvm install script from https://raw.githubusercontent.com/nvm-sh/nvm/..., installing FDK packages from https://cdn.freshdev.io/, and linking to GitHub releases for nvm-windows), which could allow untrusted third-party instructions to influence execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs spawning shell subagents to autonomously run installation/uninstallation commands, modify shell config files (e.g., ~/.zshrc, ~/.bash_profile), perform global npm/brew installs/uninstalls, run curl|bash installers, and even suggests using sudo/Administrator, which directly modifies and can compromise the host machine's state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:09 AM