zendesk-sunshine

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry to facilitate communication with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform authentication, manage connections, and execute actions against the Zendesk Sunshine API.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data returned from external actions.
  • Ingestion points: Data returned from membrane action run commands is processed by the agent.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill definition.
  • Capability inventory: The skill is capable of executing shell commands via the membrane CLI.
  • Sanitization: No explicit sanitization of tool outputs is defined within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:57 PM
Security Audit — agent-trust-hub — zendesk-sunshine