Skills
skills/aaaaqwq/claude-code-skills/intercom-automation/Gen Agent Trust Hub

intercom-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill has a significant attack surface for indirect prompt injection because it reads and processes data from external Intercom conversations and contacts.
  • Ingestion points: Untrusted data enters the agent context via INTERCOM_GET_CONVERSATION, INTERCOM_LIST_CONVERSATIONS, and INTERCOM_SEARCH_CONTACTS (as specified in SKILL.md).
  • Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the ingested data.
  • Capability inventory: The agent has the ability to write back to the system via INTERCOM_CREATE_CONVERSATION, INTERCOM_REPLY_TO_CONVERSATION, and INTERCOM_CLOSE_CONVERSATION.
  • Sanitization: No sanitization or filtering logic is defined to prevent the LLM from obeying instructions embedded in Intercom messages.
  • [External Dependency] (LOW): The skill requires the configuration of an external MCP server at https://rube.app/mcp. While this is the intended primary purpose of the skill, the domain rube.app (Composio) is not included in the pre-defined list of trusted organizations. The severity is downgraded to LOW per the primary purpose rule.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 03:09 PM