The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from external sources, specifically meeting content, summaries, and transcripts through tools like search_meetings, get_meeting_assets, and get_recording_resource (defined in SKILL.md and references/tools.md). * Ingestion points: Meeting metadata, summaries, and full transcripts are retrieved from Zoom's MCP servers as described in SKILL.md and references/tools.md. * Boundary markers: The instructions lack explicit delimiters or warnings to the agent to disregard instructions potentially embedded within the ingested meeting data. * Capability inventory: The skill provides access to capabilities that can affect external state, such as create_file_with_content for creating Zoom Docs (references/tools.md) and add_a_whiteboard_collaborator for managing Whiteboard access (whiteboard/references/tools.md). * Sanitization: No sanitization or validation logic is prescribed for the data retrieved from meeting assets before it is processed or used to generate new content.

zoom-mcp