freshdesk-automation
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted customer data from Freshdesk tickets and replies. * Ingestion points: Ticket descriptions and conversation history ingested via FRESHDESK_VIEW_TICKET and FRESHDESK_LIST_ALL_TICKET_CONVERSATIONS (SKILL.md). * Boundary markers: Instructions do not provide explicit delimiters or warnings to ignore commands within processed ticket content. * Capability inventory: The skill utilizes tools with write access such as FRESHDESK_REPLY_TO_TICKET and FRESHDESK_UPDATE_TICKET (SKILL.md). * Sanitization: No validation or filtering mechanisms for external data are mentioned in the automation logic.
Audit Metadata