Skills
skills/vm0-ai/vm0-skills/intercom/Gen Agent Trust Hub

intercom

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses environment variables (INTERCOM_TOKEN) for API authentication, which is a secure method for managing sensitive credentials.
  • [COMMAND_EXECUTION]: Provides standard curl commands to perform authenticated HTTP requests for managing conversations, contacts, and help center articles.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with official, well-known Intercom API endpoints (api.intercom.io, api.eu.intercom.io, api.au.intercom.io) to facilitate legitimate service operations.
  • [DATA_EXFILTRATION]: Facilitates the transmission of customer data and conversation history to the Intercom platform as intended by the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill processes data from external Intercom conversations, which presents a surface for indirect prompt injection.
  • Ingestion points: Intercom API responses containing messages from external customers.
  • Boundary markers: None present in the provided command templates.
  • Capability inventory: Network operations via curl and local file writes to /tmp.
  • Sanitization: No specific validation or escaping of API-returned content is defined in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM