freshservice-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from Freshservice tickets (descriptions and comments), which are untrusted external sources that could contain malicious instructions.
- Ingestion points: Data is ingested through tools like
FRESHSERVICE_LIST_TICKETSandFRESHSERVICE_GET_TICKET(specifically ticket descriptions and conversation history). - Boundary markers: The skill does not provide any instructions for the agent to use delimiters or ignore embedded instructions within ticket content.
- Capability inventory: The agent has the ability to perform write operations (
FRESHSERVICE_BULK_UPDATE_TICKETS) and send communications (FRESHSERVICE_CREATE_TICKET_OUTBOUND_EMAIL). - Sanitization: No sanitization or validation of ticket content is defined in the skill logic.
- [External Reference] (SAFE): The skill relies on an external MCP server (
https://rube.app/mcp). This is a structural requirement for the skill's functionality and does not involve the direct execution of unverifiable scripts or binaries within the skill package itself.
Audit Metadata