intercom-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill reads user-generated, untrusted content from Intercom (e.g., conversation bodies and messages) via endpoints like INTERCOM_GET_CONVERSATION, INTERCOM_LIST_CONVERSATIONS, and INTERCOM_SEARCH_CONTACTS, so the agent would ingest third-party content that could carry injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and using the MCP endpoint https://rube.app/mcp and instructs calling RUBE_SEARCH_TOOLS at runtime to fetch current tool schemas from that endpoint, so remote content from that URL directly controls the agent's available instructions/tools.