zoom-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes a concrete CLI example that embeds an Authorization: Bearer token header (and references tokens/passcodes) which encourages placing secrets directly into commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to call Zoom's MCP tools (e.g., search_meetings, get_meeting_assets, get_recording_resource) against the hosted MCP endpoint (https://mcp-us.zoom.us/mcp/zoom/streamable) and to read semantic meeting content, transcripts, and linked assets as part of workflows (see SKILL.md and examples/transcript-retrieval.md), which are user-generated third-party contents that can directly influence subsequent tool calls and actions.