build-zoom-phone-integration
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [External Data Ingestion Surface]: The skill describes workflows that ingest data from external sources such as Zoom Phone APIs and webhooks (e.g., call history and SMS logs). While this is a standard operational requirement, it represents a surface where external content enters the agent's context. The documentation mitigates this by recommending webhook signature validation and structured logging.
- [Credential Management Guidance]: Implementation patterns involve the use of OAuth credentials. The skill provides clear instructions to maintain sensitive keys like ZOOM_CLIENT_SECRET in environment variables and manage them exclusively on the server side, which aligns with industry-standard security practices.
- [Origin Validation in Communication Patterns]: The provided examples for Smart Embed integrations include explicit validation of the message origin (e.g., checking for https://applications.zoom.us). This is an important security measure to ensure that the application only interacts with trusted communication channels.
Audit Metadata