zendesk-automation
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill setup directs the user to connect to an external MCP server endpoint (
https://rube.app/mcp) to access the Zendesk automation tools.- [PROMPT_INJECTION]: The skill processes untrusted data from Zendesk tickets and user profiles, creating a surface for indirect prompt injection where malicious content in a ticket could attempt to manipulate the agent's actions. - Ingestion points: Data enters the agent context through tools like
ZENDESK_LIST_ZENDESK_TICKETSandZENDESK_GET_ZENDESK_TICKET_BY_IDwhich fetch customer-provided text. - Boundary markers: The instructions do not specify the use of delimiters or boundary markers to isolate untrusted ticket content from agent instructions.
- Capability inventory: The skill possesses high-privilege capabilities including updating tickets (
ZENDESK_UPDATE_ZENDESK_TICKET), sending replies (ZENDESK_REPLY_ZENDESK_TICKET), and deleting records (ZENDESK_DELETE_ZENDESK_TICKET). - Sanitization: No sanitization or validation logic is defined for the content retrieved from Zendesk before it is processed by the agent.
Audit Metadata