zoom-automation
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from Zoom API responses (e.g., meeting topics, descriptions, and participant names).
- Ingestion points: External data enters the agent context via retrieval tools such as
ZOOM_LIST_MEETINGS,ZOOM_GET_A_MEETING, andZOOM_LIST_ALL_RECORDINGS. - Boundary markers: Absent. The instructions do not define delimiters for external data or include directives for the agent to ignore instructions potentially embedded in Zoom records.
- Capability inventory: The skill possesses capabilities to create, update, and delete meetings and recordings, which could be misused if the agent follows instructions found in meeting metadata.
- Sanitization: Absent. There is no evidence of data sanitization or validation of content fetched from the Zoom API.
- [EXTERNAL_DOWNLOADS]: The skill relies on a third-party MCP server located at
https://rube.app/mcp. - This endpoint serves as the tool provider for Zoom automation, requiring the agent to send context and operation details to this external domain.
- The setup instructions require users to add this URL to their MCP client configuration, introducing a dependency on a non-standard external service.
Audit Metadata