zendesk-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to process user-generated data from Zendesk tickets and users.
  - Ingestion points: Data enters the context via ZENDESK_LIST_ZENDESK_TICKETS and ZENDESK_GET_ZENDESK_TICKET_BY_ID as defined in SKILL.md.
  - Boundary markers: No delimiters or instructions are provided to separate untrusted data from the system prompt.
  - Capability inventory: The agent is given capabilities to create, update, and delete tickets and users, which could be abused if malicious instructions are processed.
  - Sanitization: No content validation or sanitization of ingested Zendesk data is mentioned.
- [DATA_EXFILTRATION]: The skill requires the configuration of an external MCP server at 'https://rube.app/mcp'. This domain is not recognized as a trusted or well-known service in the authoritative list, so it represents a data transmission path to an external third party.
- [NO_CODE]: The skill consists exclusively of markdown instructions and does not contain any Python scripts, Node.js code, or binary files, which minimizes the direct execution attack surface.
Audit Metadata