freshservice-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its interaction with external Freshservice data.
- Ingestion points: The skill ingests untrusted data from Freshservice ticket subjects, descriptions, and comments through the
FRESHSERVICE_LIST_TICKETSandFRESHSERVICE_GET_TICKETtools. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the prompt templates, meaning the agent might follow instructions found within ticket content.
- Capability inventory: The skill possesses significant capabilities, including the ability to create tickets (
FRESHSERVICE_CREATE_TICKET), update tickets in bulk (FRESHSERVICE_BULK_UPDATE_TICKETS), and send outbound emails (FRESHSERVICE_CREATE_TICKET_OUTBOUND_EMAIL). - Sanitization: There is no evidence of content sanitization or validation performed on the data retrieved from Freshservice before it is used to influence the agent's next steps.
Audit Metadata