build-zoom-meeting-sdk-app
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Trusted External Downloads: The skill provides instructions for downloading SDK packages and development tools from established, reliable sources. This includes the Zoom Marketplace, GitHub repositories belonging to the official Zoom organization, and official Linux package repositories like Ubuntu Security. These downloads are standard and necessary for the intended purpose of the skill.
- Benign Command Execution: The integration guides include common development and system administration commands. This includes package management (apt-get, yum, npm), build toolchain commands (cmake, make, MSBuild), and file system utilities (xcopy, tar, ln). These commands are used legitimately to set up the development environment, compile code, and manage deployment artifacts.
- Secure Credential Management: Throughout the documentation, there is a strong emphasis on security best practices regarding credentials. It consistently advises developers to generate SDK signatures server-side and never expose the SDK Secret in client-side code. Examples use clearly marked placeholders like 'YOUR_SDK_KEY' and 'YOUR_SIGNATURE'.
- Standard Development Procedures: The skill covers essential technical tasks such as handling authentication tokens (JWT, ZAK, OBF), managing meeting lifecycles, and configuring system-level dependencies like PulseAudio for Linux bots. These instructions are aligned with the technical requirements of the Zoom Meeting SDK.
Audit Metadata