zendesk
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/cliglobal npm package. This is the official command-line interface provided by the vendor (Membrane) to facilitate authentication and interaction with their connector ecosystem. - [COMMAND_EXECUTION]: The integration relies on executing shell commands via the
membraneCLI to manage connections, list actions, and run specific ticketing workflows (e.g.,membrane login,membrane action run). - [PROMPT_INJECTION]: The skill ingests data from external Zendesk tickets and comments. This surface area is susceptible to indirect prompt injection, where malicious instructions could be embedded within user-submitted content and subsequently processed by the agent. This is a common characteristic of data-processing skills and is mitigated by the platform's standard handling of tool outputs.
Audit Metadata