Skills
skills/sickn33/antigravity-awesome-skills/freshdesk-automation/Gen Agent Trust Hub

freshdesk-automation

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from ticket descriptions, notes, and conversation history.
  • Ingestion points: Untrusted external content enters the agent's context through tools such as FRESHDESK_VIEW_TICKET, FRESHDESK_GET_TICKETS, and FRESHDESK_LIST_ALL_TICKET_CONVERSATIONS defined in SKILL.md.
  • Boundary markers: The skill does not provide instructions to use delimiters or delimiters themselves to separate untrusted customer data from system prompts.
  • Capability inventory: The agent has the capability to perform state-changing operations including FRESHDESK_REPLY_TO_TICKET and FRESHDESK_UPDATE_TICKET which could be abused if the agent follows instructions embedded in ticket bodies.
  • Sanitization: There is no evidence of validation or sanitization for HTML content or embedded instructions in the processed data.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates connection to an external MCP endpoint to retrieve tool schemas and execute helpdesk operations.
  • Evidence: The setup instructions in SKILL.md direct users to configure an MCP server using the URL https://rube.app/mcp.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 09:34 AM