scribe
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill handles the ingestion of external audio and video content for transcription via the Zoom Scribe APIs (SKILL.md). The resulting transcript text is a potential surface for indirect prompt injection if it is passed into downstream agent workflows without sanitization. The skill currently provides documentation and reference snippets but does not include automated sanitization logic.
- Secure Credential Management: The instructions in references/environment-variables.md and examples/fast-mode-node.md promote the use of environment-based configuration for sensitive keys like ZOOM_API_SECRET and AWS credentials, avoiding the risks associated with hardcoded values.
- Standard Authentication Implementation: The code snippets provided for JWT generation and webhook signature verification utilize industry-standard practices and libraries (jsrsasign, crypto), ensuring secure communication with the Zoom platform.
- Official Resource Integration: The skill references official Zoom developer documentation and verified GitHub repositories for implementation guidance, maintaining a clear path to trusted sources.
Audit Metadata