intercom
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global Bun package, @kyoji2/intercom-cli. This is a vendor-provided resource necessary for the skill's primary functionality.
- [COMMAND_EXECUTION]: The agent is instructed to execute shell commands using the intercom CLI to perform actions such as searching contacts, replying to conversations, and managing articles.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk.
  - Ingestion points: The skill retrieves untrusted data (customer messages, internal notes, and help center articles) via commands such as intercom conversation get, intercom conversation search, intercom article search, and intercom contact notes.
  - Boundary markers: There are no explicit delimiters or instructions provided in the skill files to help the agent distinguish between administrative instructions and content retrieved from external sources.
  - Capability inventory: The agent has the ability to execute a wide range of CLI commands (intercom ...) which could be misused if the agent follows malicious instructions embedded in conversation bodies or notes.
  - Sanitization: There is no evidence of content sanitization or validation of retrieved data before it is presented to the agent's context.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive Intercom Access Tokens. These are stored in a local configuration file at ~/.config/intercom-cli/config.json. Additionally, providing tokens via command-line arguments (e.g., intercom login "token") may cause sensitive data to be recorded in shell history files.
Audit Metadata