zendesk-automation

SUSPICIOUS: The skill's Zendesk capabilities match its stated purpose, and the Rube/Composio endpoint appears legitimately same-org. However, all data and OAuth flow through a third-party hosted MCP rather than direct Zendesk APIs, the setup claim is somewhat inconsistent with official auth docs, and the skill enables high-impact Zendesk actions without explicit approval guardrails. This is not confirmed malware, but it carries medium security risk due to intermediary data flow and operational authority.