freshdesk-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on user-generated Freshdesk data (e.g., FRESHDESK_VIEW_TICKET, FRESHDESK_LIST_ALL_TICKET_CONVERSATIONS, FRESHDESK_GET_SEARCH in the SKILL.md) — the agent ingests ticket/conversation content from the third-party Freshdesk service and uses it to drive replies/updates, so untrusted user content could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting to the external MCP server at https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that directly control the agent's prompts/tooling, and this endpoint is a required dependency for the skill to operate.