pp-zoom
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The
zoom-pp-clitool supports a--deliver webhook:<url>flag, which allows the agent to POST command results to an external URL. - This mechanism can be used to exfiltrate sensitive information extracted from Zoom, such as meeting summaries, attendee lists, or full transcripts.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing meeting transcripts and notes which may contain malicious instructions from third parties.
- Ingestion points: The
find,notes search, andnotes ingestcommands retrieve text from meeting records and local documents. - Boundary markers: The instructions do not define delimiters or provide guidance to the agent to ignore instructions embedded within the processed transcripts.
- Capability inventory: The agent has access to the
Bashtool and can perform file system writes and network operations via the CLI's delivery sinks. - Sanitization: No sanitization or validation of the ingested text is mentioned before it is returned to the agent context.
- [EXTERNAL_DOWNLOADS]: The skill requires installing a binary from external repositories.
- It utilizes
npx -y @mvanhorn/printing-press-libraryandgo install github.com/mvanhorn/printing-press-library/...to provide the core functionality. - [COMMAND_EXECUTION]: The skill relies on the execution of the
zoom-pp-clibinary to interact with the Zoom service and local file system.
Audit Metadata