zendesk-sunshine
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform authentication, manage connections, and execute actions against the Zendesk Sunshine API. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data returned from external actions.
- Ingestion points: Data returned from
membrane action runcommands is processed by the agent. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill definition.
- Capability inventory: The skill is capable of executing shell commands via the
membraneCLI. - Sanitization: No explicit sanitization of tool outputs is defined within the skill instructions.
Audit Metadata