fynd-extension
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill is composed of markdown-based instructions and rules aimed at guiding an AI's code generation for the Fynd Development Kit (FDK). It does not contain any executable scripts, command-line operations, or network-active components.
- Data Exposure & Exfiltration (SAFE): While the documentation mentions sensitive environment variables such as `EXTENSION_API_SECRET`, it explicitly instructs the developer not to hardcode secrets and to use environment variables, following security best practices.
- Indirect Prompt Injection (SAFE): The skill provides guidance on handling external webhook data, which is an inherent attack surface for extensions. However, the instructions emphasize validating the `companyId` and checking authentication status via `getPlatformClient` before processing any data, which serves as a security mitigation rather than a vulnerability.
Audit Metadata