intercom-automation
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server at https://rube.app/mcp. This establishes a dependency on third-party infrastructure for processing Intercom data and managing credentials.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources. \n
- Ingestion points: The skill retrieves conversation content and contact details via tools such as INTERCOM_GET_CONVERSATION and INTERCOM_SEARCH_CONTACTS (SKILL.md). \n
- Boundary markers: There are no explicit instructions or delimiters used to separate untrusted data from system instructions. \n
- Capability inventory: The agent has write access to the Intercom environment, including the ability to reply to conversations and assign them to admins (SKILL.md). \n
- Sanitization: No sanitization or validation of the ingested data is described before it is integrated into the agent's context.
Audit Metadata