zendesk-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read user-generated Zendesk content (e.g., via ZENDESK_LIST_ZENDESK_TICKETS and ZENDESK_GET_ZENDESK_TICKET_BY_ID which include ticket comments) and to act on that content (reply/update/create tickets), exposing it to untrusted third-party input.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). https://rube.app/mcp is a required runtime MCP endpoint (the skill requires Rube MCP and instructs to call RUBE_SEARCH_TOOLS to fetch current tool schemas), and those fetched schemas directly determine the agent's prompts/instructions and behavior.