Trust Assessment
zendesk received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized URL Parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized URL Parameters.** The skill's example `curl` commands directly interpolate placeholders like `TICKET_ID`, `ORG_ID`, `USER_ID`, and parts of search queries into double-quoted strings within shell commands. In bash, command substitution (`$(command)`) is performed even within double quotes. If an LLM or user substitutes these placeholders with untrusted input containing shell metacharacters (e.g., `$(evil_command)`), it could lead to arbitrary command execution on the host system. While one example (`ACCOUNT_NAME` on line 109) correctly demonstrates URL encoding using `jq -sRr @uri`, this sanitization is missing from most other examples where user-controlled input would typically be used. All parameters derived from untrusted input (e.g., `TICKET_ID`, `ORG_ID`, `USER_ID`, and components of search queries) must be properly URL-encoded before being inserted into `curl` commands. The skill should consistently demonstrate this sanitization, for example, by using `$(echo "$USER_INPUT" \| jq -sRr @uri)` for all such variables. | LLM | SKILL.md:36 |
Full report: https://skillshield.io/report/39748b77a1178a69 (powered by SkillShield)