Freshdesk

Security checks across malware telemetry and agentic risk

Overview

The skill appears to manage business support records, but it exposes delete actions without documented confirmation safeguards.

Review the skill carefully before installing in production. Prefer a least-privilege account, disable delete scopes if possible, and require the agent to show the exact ticket, contact, or company and get explicit confirmation before any deletion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill exposes delete operations for tickets, contacts, and companies without any guidance to require confirmation, authorization checks, or safeguards before destructive actions. In an agent setting, this increases the risk of accidental or prompt-induced deletion of production support data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal