freshservice-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires adding an external MCP server endpoint (https://rube.app/mcp). This delegates tool definitions to a remote service that is not part of the pre-defined trusted vendor list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from Freshservice. \n
- Ingestion points: Ticket descriptions and comments retrieved via FRESHSERVICE_LIST_TICKETS and FRESHSERVICE_GET_TICKET. \n
- Boundary markers: Absent; there are no instructions to the agent on how to distinguish ticket content from system instructions. \n
- Capability inventory: Includes the ability to create/update tickets and send outbound emails (FRESHSERVICE_CREATE_TICKET_OUTBOUND_EMAIL), which could be triggered by malicious content in a ticket. \n
- Sanitization: No evidence of sanitization or HTML escaping for ticket descriptions is provided.
Audit Metadata