zendesk-automation

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to add 'https://rube.app/mcp' as an MCP server. This endpoint is managed by a third party not on the trusted list, representing a supply chain risk as MCP servers handle tool execution.
  • DATA_EXFILTRATION (MEDIUM): Using this skill involves sending Zendesk data, which often contains Personally Identifiable Information (PII) and sensitive business logic, to the 'rube.app' endpoint. There is no verification of the data handling practices of this external service.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Data enters via ZENDESK_GET_ZENDESK_TICKET_BY_ID and ticket listing tools (File: SKILL.md).
      2. Boundary markers: None present. The agent is not instructed to isolate ticket content from instructions.
      3. Capability inventory: The skill has broad write/delete permissions (ZENDESK_UPDATE_ZENDESK_TICKET, ZENDESK_DELETE_ZENDESK_TICKET, ZENDESK_CREATE_ZENDESK_USER).
      4. Sanitization: None present.
    Malicious ticket content could trigger unauthorized tool calls.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 03:09 PM