Freshservice

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal Freshservice integration, with the main caution that its activation wording is broad for a credentialed, write-capable service.

Install this only if you want an agent to work with your connected Freshservice tenant. Review any create, update, or delete action before it runs, and be aware that broad Freshservice-related prompts may activate the skill even when you only wanted a general answer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation guidance provides no concrete trigger boundaries beyond general Freshservice involvement, so an orchestrating agent may select this skill too aggressively. In context, that matters because the skill has write-capable actions and server-side injected credentials, making misrouting more consequential than a purely informational skill.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation guidance provides no concrete trigger boundaries beyond general Freshservice involvement, so an orchestrating agent may select this skill too aggressively. In context, that matters because the skill has write-capable actions and server-side injected credentials, making misrouting more consequential than a purely informational skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal