intercom-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add 'https://rube.app/mcp' as an MCP server. This domain is not recognized as a trusted source in the analyzer's list. Connecting to unverified MCP servers allows external entities to define tools and logic available to the agent.
- PROMPT_INJECTION (LOW): Surface for indirect prompt injection via Intercom data. An external user could send a message containing instructions that the agent might inadvertently follow. * Ingestion points: Tools like INTERCOM_GET_CONVERSATION and INTERCOM_SEARCH_CONTACTS ingest external data. * Boundary markers: None specified in the skill body. * Capability inventory: The agent can perform write actions like INTERCOM_REPLY_TO_CONVERSATION and INTERCOM_CLOSE_CONVERSATION. * Sanitization: The documentation suggests sanitizing HTML but does not enforce it.
Audit Metadata