Skills
AGENT LAB: SKILLS
skills/composiohq/awesome-claude-skills/zendesk-automation/Gen Agent Trust Hub

zendesk-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its core function of processing external Zendesk data.
  • Ingestion points: Untrusted data enters the agent context through ZENDESK_LIST_ZENDESK_TICKETS, ZENDESK_GET_ZENDESK_TICKET_BY_ID (ticket comments/descriptions), and ZENDESK_SEARCH_ZENDESK_USERS (user-provided metadata).
  • Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the agent to disregard instructions found within ticket content.
  • Capability inventory: The skill provides significant capabilities, including the ability to delete tickets (ZENDESK_DELETE_ZENDESK_TICKET), modify ticket statuses, and send outbound communications via ZENDESK_REPLY_ZENDESK_TICKET.
  • Sanitization: Absent. There is no instruction to escape or validate ticket bodies before processing.
  • EXTERNAL_DOWNLOADS (LOW): The skill directs users to configure an external MCP server at https://rube.app/mcp and references tool documentation at composio.dev. While these are established services in the agent ecosystem, they are not included in the predefined list of trusted organizations.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:08 PM