zoom-apps-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [Security Standards Compliance]: The skill provides sound guidance on securing web applications within the Zoom environment. It includes specific implementations for OWASP-recommended security headers (HSTS, CSP, X-Content-Type-Options) and mandates SameSite=None; Secure for session cookies. Because the Zoom client embeds the app in a cross-site context, a browser silently drops a session cookie that lacks these attributes, so the app appears logged out without any error.
  • [Robust Authentication Patterns]: It demonstrates the correct implementation of OAuth 2.0 with Proof Key for Code Exchange (PKCE) and state validation. PKCE binds the authorization code to the client that started the flow, defeating authorization code interception; the state parameter binds the callback to the user's session, defeating Cross-Site Request Forgery (CSRF) against the redirect endpoint.
  • [Official Resource Integration]: All SDK scripts and API endpoint references target official Zoom infrastructure (e.g., appssdk.zoom.us and api.zoom.us). This is consistent with legitimate development workflows for the Zoom platform.
  • [Credential Safety]: The documentation correctly advises developers to store sensitive information like Client Secrets and tokens server-side, utilizing environment variables and excluding them from version control through .gitignore practices.
  • [Secure Communication]: Patterns for real-time collaboration (via Socket.io or Y.js) and instance-to-instance communication (connect and postMessage) are implemented using standard, well-vetted libraries and SDK methods designed for these purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:38 PM