intercom-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to configure an external MCP server at
https://rube.app/mcp, which is a third-party domain not associated with the official trusted vendors or the skill author's known infrastructure.\n- [NO_CODE]: The skill consists entirely of markdown instructions and metadata, with no accompanying scripts or executable files, reducing the risk of direct malicious code execution.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external Intercom conversations and contacts.\n - Ingestion points:
INTERCOM_GET_CONVERSATION,INTERCOM_LIST_CONVERSATIONS, andINTERCOM_SEARCH_CONTACTSinSKILL.md.\n - Boundary markers: No explicit instructions are provided to use delimiters or ignore instructions embedded within the Intercom data.\n
- Capability inventory: The agent can take actions based on processed data, such as
INTERCOM_REPLY_TO_CONVERSATION,INTERCOM_ASSIGN_CONVERSATION, andINTERCOM_CREATE_CONVERSATION.\n - Sanitization: The documentation advises users to sanitize HTML input to prevent rendering issues, but no automated sanitization is implemented in the skill itself.
Audit Metadata