intercom-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill is designed to fetch and process user-generated content from Intercom, which can contain malicious instructions. * Ingestion points: Tools such as INTERCOM_GET_CONVERSATION and INTERCOM_SEARCH_CONTACTS in SKILL.md import untrusted message bodies and names into the agent context. * Boundary markers: No delimiters or boundary instructions are provided to help the agent distinguish between its instructions and external data. * Capability inventory: The skill provides the agent with write capabilities, including the ability to reply to conversations and modify contact data. * Sanitization: While the documentation mentions HTML sanitization as a pitfall, it does not provide specific guardrails or instructions for the agent to follow to sanitize input.
- [EXTERNAL_DOWNLOADS]: External resource reference. The skill requires the configuration of an external MCP server at 'https://rube.app/mcp', which introduces a dependency on a service from a non-whitelisted domain.
Audit Metadata