Zendesk Automation
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of incoming customer support requests and ticket bodies. This creates a surface for indirect prompt injection where an attacker could embed instructions within a ticket to influence the agent's routing logic or response generation.
- Ingestion points: Incoming support requests and ticket data are processed through the Triage Pipeline and Auto-Response templates.
- Boundary markers: The configuration does not specify clear delimiters or boundary markers (like XML tags or specific 'ignore' instructions) to separate user-provided ticket content from the automation logic.
- Capability inventory: The skill uses tools for ticket creation, updates, and macro execution, which could be misused if the agent is manipulated via ticket content.
- Sanitization: There is no mention of sanitization or filtering for ticket content before it is used for sentiment analysis or intent detection.
- [SAFE]: The skill is authored by 'Claude Office Skills' and refers to legitimate vendor resources and integrations with well-known services like Slack and Jira for notifications and bug tracking.
- [SAFE]: The YAML frontmatter restricts tool access to specific Zendesk-related functions, following the principle of least privilege.
Audit Metadata