freshservice-automation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to add an external MCP server at
https://rube.app/mcp. This third-party service is not on the trusted vendors list and is responsible for providing the tool definitions and execution environment for the automation. - [DATA_EXFILTRATION]: The skill accesses and processes sensitive IT Service Management (ITSM) data, including requester names, email addresses, and ticket descriptions. This information is transmitted to the external
rube.appendpoint, creating a potential path for data exposure or exfiltration to an unverified third party. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes user-generated ticket content without proper isolation.
- Ingestion points: Untrusted content is ingested from Freshservice ticket fields via
FRESHSERVICE_LIST_TICKETSandFRESHSERVICE_GET_TICKETinSKILL.md. - Boundary markers: The skill lacks delimiters or explicit instructions to the agent to ignore potentially malicious commands embedded within ticket descriptions or subjects.
- Capability inventory: The skill has access to high-impact tools such as
FRESHSERVICE_BULK_UPDATE_TICKETS,FRESHSERVICE_CREATE_TICKET_OUTBOUND_EMAIL, andFRESHSERVICE_CREATE_SERVICE_REQUEST. - Sanitization: No validation or sanitization mechanisms are present to prevent the agent from following instructions found inside the data it processes.
Audit Metadata