intercom-data-handling
Facilitates GDPR-compliant data handling in Intercom, including data export, deletion, and PII management for sensitive information.
Install this skill
Security score
The intercom-data-handling skill was audited on May 30, 2026 and we found 14 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 169 | Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}`, |
Template literal with variable interpolation in command context
| 190 | `https://api.intercom.io/export/messages/data/${jobId}`, |
Template literal with variable interpolation in command context
| 192 | headers: { Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}` }, |
Fetch to external URL
| 166 | const response = await fetch("https://api.intercom.io/export/messages/data", { |
Webhook reference - potential data exfiltration
| 242 | webhook_events: 30, // days - processed webhook records |
Access to .env file
| 61 | token: process.env.INTERCOM_ACCESS_TOKEN!, |
Access to .env file
| 169 | Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}`, |
Access to .env file
| 192 | headers: { Authorization: `Bearer ${process.env.INTERCOM_ACCESS_TOKEN}` }, |
External URL reference
| 166 | const response = await fetch("https://api.intercom.io/export/messages/data", { |
External URL reference
| 190 | `https://api.intercom.io/export/messages/data/${jobId}`, |
External URL reference
| 197 | // When complete: { status: "complete", download_url: "https://..." } |
External URL reference
| 300 | - [Data Export API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/data-export/data_export) |
External URL reference
| 301 | - [Contacts API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/contacts) |
External URL reference
| 303 | - [Intercom Privacy](https://www.intercom.com/privacy) |