zendesk-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server endpoint (
https://rube.app/mcp) to their client configuration. This is the intended primary purpose of the skill to enable Zendesk automation tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data from Zendesk tickets and replies while possessing write-access capabilities.
- Ingestion points: Untrusted data enters via ticket descriptions, comments, and user-provided search queries (e.g., in
ZENDESK_REPLY_ZENDESK_TICKET). - Boundary markers: The skill does not define specific delimiters or instructional barriers to prevent the agent from obeying instructions embedded within ticket content.
- Capability inventory: The skill possesses significant capabilities, including
ZENDESK_DELETE_ZENDESK_TICKET,ZENDESK_UPDATE_ZENDESK_TICKET, andZENDESK_CREATE_ZENDESK_USER. - Sanitization: There are no instructions for sanitizing or escaping the content of tickets before processing.
- [NO_CODE]: This skill consists entirely of documentation and metadata; it does not distribute executable scripts or binaries.
Audit Metadata