freshservice-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow calls Freshservice MCP tools (e.g., FRESHSERVICE_LIST_TICKETS / FRESHSERVICE_GET_TICKET) which return ticket fields like description and conversations that are authored by external requesters/end-users, and those returned free-text fields are ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting at runtime to the external MCP server https://rube.app/mcp (via RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS) to fetch tool schemas which directly control the agent's available tools/prompts, so this is a runtime external dependency that can alter agent instructions.