build-zoom-team-chat-app

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • Webhook Signature Verification: The skill provides detailed instructions and code for verifying incoming Zoom webhooks using HMAC-SHA256 signatures. This allows the integration to confirm that messages originate from Zoom, preventing unauthorized requests.
  • Input Sanitization and Validation: Documentation and examples in utils/validation.js demonstrate how to sanitize user input by removing control characters and enforcing character limits. It also includes validation for identifiers like JIDs, helping to ensure that processed data conforms to expected formats.
  • Handling External Data: The skill defines patterns for processing data received from Zoom webhooks (bot_notification). It includes defensive measures such as source verification and data sanitization (filtering control characters and length enforcement) to ensure that data from the chat environment is handled safely. Ingestion points occur via webhook payloads, while capabilities involve messaging and channel management.
  • Secure Credential Management: The skill emphasizes using environment variables and .env files rather than hardcoding credentials, which is a standard security practice for managing Client IDs and Secrets.
  • Least Privilege Scopes: Guidelines are provided for selecting the minimum necessary scopes for the integration, such as chat_message:write or imchat:bot, reducing the potential impact of a credential compromise.
  • Trusted Service References: The skill points to official Zoom developer resources and well-known libraries like express and node-fetch. These references are documented neutrally as part of the setup process.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:38 PM