zoom-cobrowse-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [External Resource Downloads]: The skill fetches SDK components from official domains and references sample code from established GitHub organizations. These are standard resources for integrating the documented platform.
- [Credential Management]: Documentation emphasizes that the SDK Secret must remain on the server to sign JWTs, preventing exposure of sensitive authentication keys in client-side code.
- [Privacy Controls]: Detailed guidance is provided for masking sensitive data fields using CSS selectors, ensuring private information is not visible to agents during active sessions.
- [Indirect Prompt Injection Surface]: The skill enables an environment where an agent interacts with untrusted external website content.
  - Ingestion points: External browser content is synchronized to the agent portal in the customer integration files.
  - Boundary markers: The skill relies on visual masking and data attribute filtering rather than specific textual delimiters.
  - Capability inventory: Agent capabilities include screen annotation and remote scrolling assistance documented in the examples.
  - Sanitization: Implementation includes CSS-based masking to filter sensitive elements from the synchronization stream.