intercom
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs users to run unverified code directly from the internet via `curl | bash` targeting `canifi.com`. This is a highly dangerous pattern that provides full command execution on the host machine.
- [EXTERNAL_DOWNLOADS] (HIGH): Downloads installation and environment scripts from untrusted external sources (`https://canifi.com/skills/intercom/install.sh` and `https://canifi.com/install.sh`) which lack integrity verification.
- [CREDENTIALS_UNSAFE] (HIGH): The skill requests sensitive credentials including `INTERCOM_PASSWORD`. While the author claims local-only storage, the underlying tool (canifi-env) is installed via untrusted remote code execution, creating a significant risk of credential theft or exfiltration.
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8) because the skill reads and responds to untrusted customer messages.
  1. Ingestion points: Intercom conversation data and support tickets (as described in SKILL.md).
  2. Boundary markers: Absent; there are no instructions to differentiate between user commands and data originating from external customers.
  3. Capability inventory: Browser automation via Playwright MCP allowing for message sending and ticket management.
  4. Sanitization: Absent; the skill lacks validation or filtering of content retrieved from the Intercom API.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/intercom/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata