freshdesk-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires users to add an external MCP server endpoint (https://rube.app/mcp) to their client configuration. This service, associated with Composio, acts as a proxy for Freshdesk API operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external content.
  - Ingestion points: Untrusted customer data is brought into the agent context through tools like FRESHDESK_VIEW_TICKET and FRESHDESK_LIST_ALL_TICKET_CONVERSATIONS as described in SKILL.md.
  - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its system instructions and the untrusted data fetched from Freshdesk.
  - Capability inventory: The skill possesses write-access capabilities, including FRESHDESK_REPLY_TO_TICKET and FRESHDESK_UPDATE_TICKET, which could be exploited if malicious instructions are embedded in a ticket.
  - Sanitization: No sanitization, validation, or filtering mechanisms are mentioned to mitigate the risk of processing malicious inputs from external ticket descriptions.