freshservice-manager
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Data Exposure (HIGH): The SKILL.md file reveals the full path to a sensitive .env file containing API keys in the user's iCloud directory (~/Library/Mobile Documents/com~apple~CloudDocs/Geoffrey/secrets/.env). This disclosure assists attackers in locating sensitive credentials on the local filesystem.
- Indirect Prompt Injection (LOW): The skill fetches and summarizes untrusted ticket data (subjects and descriptions) from Freshservice, which could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Ticket subjects and descriptions retrieved via API in get_daily_summary.js, get_weekly_summary.js, and get_ticket.js.
  - Boundary markers: Absent. Ticket content is concatenated and processed without delimiters or 'ignore' instructions.
  - Capability inventory: The skill has tools to create tickets (create_ticket.js), update tickets (update_ticket.js), and add notes (add_note.js).
  - Sanitization: Absent. No filtering or escaping is applied to the ticket data before it is used in logic or summaries.
- Unverifiable Dependencies (MEDIUM): All script files (scripts/*.js) import secrets from a hardcoded relative path (../../../scripts/secrets.js). This dependency resides outside the skill's directory structure, creating a non-standard and potentially risky dependency on files in the parent environment's directory tree.
Recommendations
- AI detected serious security threats
Audit Metadata