zoom-mcp/whiteboard
Pass
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: SAFE
Full Analysis
- Integration with Official Service Endpoints: The skill provides guidance for connecting to Zoom's official Model Context Protocol (MCP) endpoints located at
mcp-us.zoom.us. Referencing well-known technology services for integration is a standard and expected functionality. - Authentication Best Practices: The skill recommends managing access tokens through environment variables (e.g.,
ZOOM_WHITEBOARD_MCP_ACCESS_TOKEN). This approach aligns with security best practices for credential management in development environments. - Data Interaction Surface: The skill facilitates reading content from external sources through tools like
get_a_whiteboard. As with any skill that ingests external data, there is a theoretical surface for indirect prompt injection if the retrieved content contains instructions. This is a common consideration for data-processing skills, and users should ensure appropriate handling of tool outputs in downstream logic. - No Executable Code Detected: The skill consists entirely of instructional documentation and metadata. No scripts, binaries, or automated package installations are included, which significantly reduces the local security risk profile.
Audit Metadata