zoom-rest-api
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's documentation for processing webhooks and recording data introduces an indirect prompt injection surface.
  - Ingestion points: Untrusted data from Zoom webhooks is processed in the provided Express.js server example in `examples/webhook-server.md`.
  - Boundary markers: Boundary markers or explicit instructions for the AI to ignore embedded commands are absent from the provided code samples.
  - Capability inventory: The skill provides instructions for extensive meeting and user management capabilities, which could be misused if malicious data is ingested (e.g., `examples/meeting-lifecycle.md`, `examples/user-management.md`).
  - Sanitization: The provided code snippets do not demonstrate content sanitization or validation of the external data being processed.
- [EXTERNAL_DOWNLOADS]: The skill references several external packages and resources from well-known and trusted sources.
  - Recommends the installation of standard industry packages including `express`, `body-parser`, `axios`, and `dotenv`.
  - Mentions the official `@zoom/rivet` SDK for simplified API interaction.
  - References official OpenAPI specifications and sample repositories hosted by the Zoom organization on GitHub (`github.com/zoom/api`).
Audit Metadata