zoom-cobrowse-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were identified within the provided documentation or code snippets.
- [EXTERNAL_DOWNLOADS]: The skill correctly points to official Zoom domains (zoom.us) and official GitHub repositories (github.com/zoom) for SDK resources and sample code. These references are documented neutrally as they originate from trusted, well-known vendor sources.
- [CREDENTIALS_UNSAFE]: The skill uses appropriate placeholders for sensitive keys and explicitly warns against exposing the SDK Secret in client-side code, directing users toward secure server-side implementation.
- [REMOTE_CODE_EXECUTION]: The code examples demonstrate a standard web integration pattern for loading an SDK via CDN. The script injection targets a legitimate Zoom-managed endpoint.
- [DATA_EXFILTRATION]: There is no evidence of data exfiltration. The documentation includes specific sections on 'piiMask' to help developers protect sensitive user data from being visible to support agents.
Audit Metadata