zendesk
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill documentation explicitly instructs users to execute unverified remote code via
curl -sSL https://canifi.com/skills/zendesk/install.sh | bashandcurl -sSL https://canifi.com/install.sh | bash. This is a high-risk pattern that grants an untrusted domain full control over the local execution environment. - [External Downloads] (HIGH): The skill depends on installation and configuration scripts from
canifi.com, which is not a recognized trusted repository or organization. - [Indirect Prompt Injection] (LOW): The skill acts on external data (support tickets and customer profiles) which can contain malicious instructions.
- Ingestion points: Zendesk ticket content and customer profiles.
- Boundary markers: No explicit markers or 'ignore embedded instructions' warnings are present in the documentation.
- Capability inventory: The skill can create/modify tickets and search knowledge base articles.
- Sanitization: No evidence of sanitization or validation of the external content before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/zendesk/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata