intercom-enterprise-rbac
Enables configuration of enterprise-grade access control for Intercom using OAuth and admin role management.
The intercom-enterprise-rbac skill was audited on May 27, 2026 and we found 24 security issues across 4 threat categories. Review the findings below before installing.
Security Issues
Template literal with variable interpolation in command context
| 62 | console.log(`${admin.name} (${admin.email})`); |
Template literal with variable interpolation in command context
| 63 | console.log(` ID: ${admin.id}`); |
Template literal with variable interpolation in command context
| 64 | console.log(` Type: ${admin.type}`); // "admin" or "team" |
Template literal with variable interpolation in command context
| 65 | console.log(` Active: ${admin.awayModeEnabled ? "Away" : "Available"}`); |
Template literal with variable interpolation in command context
| 70 | console.log(`Admin: ${admin.name} - ${admin.email}`); |
Template literal with variable interpolation in command context
| 90 | `client_id=${OAUTH_CONFIG.clientId}&` + |
Template literal with variable interpolation in command context
| 91 | `state=${state}&` + |
Template literal with variable interpolation in command context
| 92 | `redirect_uri=${encodeURIComponent(OAUTH_CONFIG.redirectUri)}`; |
Template literal with variable interpolation in command context
| 112 | throw new Error(`OAuth token exchange failed: ${error.message}`); |
Template literal with variable interpolation in command context
| 180 | message: `Missing permission: ${permission}`, |
Template literal with variable interpolation in command context
| 209 | console.log("Teams:", teams.map(t => `${t.name} (${t.id})`)); |
Template literal with variable interpolation in command context
| 230 | body: `Routed to ${topic} team`, |
Template literal with variable interpolation in command context
| 269 | console.warn(`[AUDIT] Sensitive action: ${entry.action} by ${entry.adminEmail}`); |
Fetch to external URL
| 100 | const response = await fetch("https://api.intercom.io/auth/eagle/token", { |
Access to .env file
| 56 | token: process.env.INTERCOM_ACCESS_TOKEN!, |
Access to .env file
| 82 | clientId: process.env.INTERCOM_CLIENT_ID!, |
Access to .env file
| 83 | clientSecret: process.env.INTERCOM_CLIENT_SECRET!, |
External URL reference
| 84 | redirectUri: "https://your-app.com/auth/intercom/callback", |
External URL reference
| 89 | return `https://app.intercom.com/oauth?` + |
External URL reference
| 100 | const response = await fetch("https://api.intercom.io/auth/eagle/token", { |
External URL reference
| 304 | - [Authentication](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication) |
External URL reference
| 305 | - [Setting up OAuth](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication/setting-up-oauth) |
External URL reference
| 306 | - [OAuth Scopes](https://developers.intercom.com/docs/build-an-integration/learn-more/authentication/oauth-scopes) |
External URL reference
| 307 | - [Admins API](https://developers.intercom.com/docs/references/rest-api/api.intercom.io/admins) |