zoom-rtms

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and implementation guidance for the Zoom RTMS service, which allows backend ingestion of live media streams.
  • [SAFE]: External dependencies referenced in the examples, such as @zoom/rtms, deepgram-sdk, assemblyai, and openai, are standard, well-known libraries for AI and real-time communication.
  • [SAFE]: Network operations, including WebSocket connections and HTTP API calls, are directed toward official Zoom infrastructure (zoom.us) or reputable AI service providers.
  • [SAFE]: Credential management in all provided code samples uses environment variables (e.g., process.env.ZOOM_CLIENT_SECRET), following security best practices.
  • [SAFE]: No evidence of prompt injection, data exfiltration, or obfuscation was found in the provided documentation or scripts.
  • [PROMPT_INJECTION]: The skill processes untrusted data from meeting transcripts and chat (Ingestion points: client.onTranscriptData, client.onChatData). While examples show this data being sent to AI models for summarization (Capability inventory: OpenAI API calls) without explicit boundary markers or sanitization, this is an inherent and necessary aspect of the tool's primary purpose as an AI meeting assistant. Standard AI safety guardrails and developer-implemented sanitization are expected in production environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 12:43 PM