Zendesk
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is configured to read from a local sensitive file path at
~/.config/zendesk/credentials.jsonto retrieve API tokens and user emails for authentication purposes. - [COMMAND_EXECUTION]: The skill relies on the execution of shell commands using
curlandjqto interact with the Zendesk REST API and manipulate JSON data. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it fetches and processes ticket comments and search results which can contain arbitrary instructions from untrusted external users.
- Ingestion points: Zendesk ticket comments, organization names, and user data fetched via the API (SKILL.md).
- Boundary markers: None; data is processed directly as text strings or JSON objects without delimiters.
- Capability inventory: Shell command execution via
curlandjqacross all documented operations (SKILL.md). - Sanitization: No sanitization or escaping of external content is performed before the data is passed to the agent context.
Audit Metadata