zoom
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/cliglobal package. This is a legitimate tool provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to interact with the Zoom API, manage connections, and execute actions. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing data from Zoom (e.g., meeting recordings and user lists). 1. Ingestion points: Zoom API data retrieved via the
membraneCLI tool. 2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill text. 3. Capability inventory: The skill can execute CLI commands and make proxied HTTP requests using the Membrane CLI. 4. Sanitization: There is no documented validation or sanitization of the data retrieved from external API endpoints.
Audit Metadata