intercom-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server endpoint (https://rube.app/mcp). This domain is not on the trusted list, meaning the agent's tool schemas and runtime execution logic are provided by a non-whitelisted third-party service.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted customer messages from Intercom.
  - Ingestion points: Reads conversation bodies and contact details via tools like INTERCOM_GET_CONVERSATION and INTERCOM_SEARCH_CONTACTS.
  - Boundary markers: None identified. The instructions do not define delimiters or warnings to isolate external message content from agent instructions.
  - Capability inventory: The agent can send replies, modify contact information, and change conversation states (close/reopen).
  - Sanitization: No validation or sanitization of incoming Intercom data is specified to prevent instruction injection.
- DATA_EXFILTRATION (LOW): The skill facilitates the transmission of sensitive CRM data (contact details, admin IDs, internal conversations) through an external gateway to a non-whitelisted domain (rube.app).
Audit Metadata