Skip to main content

intercom-enterprise-rbac

Enables configuration of enterprise-grade access control for Intercom using OAuth and admin role management.

Install this skill

or
24/100

Security score

The intercom-enterprise-rbac skill was audited on May 27, 2026 and we found 24 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 62

Template literal with variable interpolation in command context

SourceSKILL.md
62console.log(`${admin.name} (${admin.email})`);
medium line 63

Template literal with variable interpolation in command context

SourceSKILL.md
63console.log(` ID: ${admin.id}`);
medium line 64

Template literal with variable interpolation in command context

SourceSKILL.md
64console.log(` Type: ${admin.type}`); // "admin" or "team"
medium line 65

Template literal with variable interpolation in command context

SourceSKILL.md
65console.log(` Active: ${admin.awayModeEnabled ? "Away" : "Available"}`);
medium line 70

Template literal with variable interpolation in command context

SourceSKILL.md
70console.log(`Admin: ${admin.name} - ${admin.email}`);
medium line 90

Template literal with variable interpolation in command context

SourceSKILL.md
90`client_id=${OAUTH_CONFIG.clientId}&` +
medium line 91

Template literal with variable interpolation in command context

SourceSKILL.md
91`state=${state}&` +
medium line 92

Template literal with variable interpolation in command context

SourceSKILL.md
92`redirect_uri=${encodeURIComponent(OAUTH_CONFIG.redirectUri)}`;
medium line 112

Template literal with variable interpolation in command context

SourceSKILL.md
112throw new Error(`OAuth token exchange failed: ${error.message}`);
medium line 180

Template literal with variable interpolation in command context

SourceSKILL.md
180message: `Missing permission: ${permission}`,
medium line 209

Template literal with variable interpolation in command context

SourceSKILL.md
209console.log("Teams:", teams.map(t => `${t.name} (${t.id})`));
medium line 230

Template literal with variable interpolation in command context

SourceSKILL.md
230body: `Routed to ${topic} team`,
medium line 269

Template literal with variable interpolation in command context

SourceSKILL.md
269console.warn(`[AUDIT] Sensitive action: ${entry.action} by ${entry.adminEmail}`);
low line 100

Fetch to external URL

SourceSKILL.md
100const response = await fetch("https://api.intercom.io/auth/eagle/token", {
low line 56

Access to .env file

SourceSKILL.md
56token: process.env.INTERCOM_ACCESS_TOKEN!,
low line 82

Access to .env file

SourceSKILL.md
82clientId: process.env.INTERCOM_CLIENT_ID!,
low line 83

Access to .env file

SourceSKILL.md
83clientSecret: process.env.INTERCOM_CLIENT_SECRET!,
low line 84

External URL reference

SourceSKILL.md
84redirectUri: "https://your-app.com/auth/intercom/callback",
low line 89

External URL reference

SourceSKILL.md
89return `https://app.intercom.com/oauth?` +
low line 100

External URL reference

SourceSKILL.md
100const response = await fetch("https://api.intercom.io/auth/eagle/token", {
low line 304

External URL reference

SourceSKILL.md
304- [Authentication](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication)
low line 305

External URL reference

SourceSKILL.md
305- [Setting up OAuth](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication/setting-up-oauth)
low line 306

External URL reference

SourceSKILL.md
306- [OAuth Scopes](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication/oauth-scopes)
low line 307

External URL reference

SourceSKILL.md
307- [Admins API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/admins)
Scanned on May 27, 2026
View Security Dashboard
Installation guide →