pp-zoom

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The zoom-pp-cli tool supports a --deliver webhook:<url> flag, which allows the agent to POST command results to an external URL.
  • This mechanism can be used to exfiltrate sensitive information extracted from Zoom, such as meeting summaries, attendee lists, or full transcripts.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing meeting transcripts and notes which may contain malicious instructions from third parties.
  • Ingestion points: The find, notes search, and notes ingest commands retrieve text from meeting records and local documents.
  • Boundary markers: The instructions do not define delimiters or provide guidance to the agent to ignore instructions embedded within the processed transcripts.
  • Capability inventory: The agent has access to the Bash tool and can perform file system writes and network operations via the CLI's delivery sinks.
  • Sanitization: No sanitization or validation of the ingested text is mentioned before it is returned to the agent context.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing a binary from external repositories.
  • It utilizes npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/... to provide the core functionality.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the zoom-pp-cli binary to interact with the Zoom service and local file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 10:32 PM
Security Audit — agent-trust-hub — pp-zoom