zoom-cobrowse-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly exposes agents to arbitrary customer web pages—"Real-Time Co-Browsing: Agent sees customer's browser activity live" and the agent iframe flow (e.g., iframe src to Zoom-hosted desk with agent token) in SKILL.md show the agent reads/interacts with untrusted third-party page content as part of normal operation, which could carry instructions that change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill loads and executes remote JavaScript at runtime from Zoom's CDN (e.g. https://us01-zcb.zoom.us/static/resource/sdk/${ZOOM_SDK_KEY}/js/2.13.2) and also embeds the Zoom-hosted agent portal iframe (https://us01-zcb.zoom.us/sdkapi/zcb/frame-templates/desk?access_token=...), both of which run remote code and directly control agent-facing UI/prompt behavior and are required for the skill to operate.