zendesk-sell
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally using npm. This is the official command-line interface provided by the vendor to facilitate secure communication with the Zendesk Sell API.
- [COMMAND_EXECUTION]: The instructions leverage the 'membrane' CLI to perform operations such as searching for actions, connecting to the service, and running specific integration tasks. These commands are used to manage authentication and data transfer through the Membrane platform.
- [PROMPT_INJECTION]: As the skill is designed to retrieve and process records (leads, contacts, deals) from an external CRM, it possesses an inherent surface for indirect prompt injection if those records contain malicious instructions.
- Ingestion points: Data retrieved from Zendesk Sell entities via the 'membrane action run' or 'membrane request' commands.
- Boundary markers: No specific delimiters or "ignore previous instructions" warnings are defined for the data retrieved from the API.
- Capability inventory: The skill allows for writing data back to the CRM (e.g., 'create-lead') and making arbitrary requests via the 'membrane request' proxy.
- Sanitization: No explicit sanitization or validation of the data retrieved from the Zendesk Sell API is mentioned in the skill instructions.
Audit Metadata