The skill exhibits critical security flaws, including insecure secret handling, unconstrained network access, vulnerable cryptographic implementation, and instruction boundary manipulation, while lacking necessary dependency pinning and documentation.
npx skills add https://github.com/anthropics/knowledge-work-plugins
Instruction boundary manipulation detected
### System
The provided webhook verification example uses string concatenation to build the message for HMAC validation, which can be vulnerable to timing attacks or canonicalization issues if not handled strictly. [severity raised to high: this vector is independently flagged by both deterministic and LLM analysis (ADR-0065 corroboration).]
const message = `v0:${req.headers['x-zm-request-timestamp']}:${JSON.stringify(req.body)}`;
Environment secret flows to a network sink (JS/TS) [severity raised to high: this vector is independently flagged by both deterministic and LLM analysis (ADR-0065 corroboration).]
taint source (line 27): process.env.ZOOM_BOT_JID → sink:
fetch('https://api.zoom.us/v2/im/chat/messages', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${accessToken}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    robot_jid: process.env.ZOOM_BOT_JID,
    to_jid: payload.toJid, // From webhook
    account_id: payload.accountId, // From webhook
    content: {
      head: {
        text: 'Build Notification',
        sub_head: { text: 'CI/CD Pipeline' }
      },
      body: [
        { type: 'message', text: 'Deployment successful!' },
        {
          type: 'fields',
          items: [
            { key: 'Branch', value: 'main' },
            { key: 'Commit', value: 'abc123' }
          ]
        },
        {
          type: 'actions',
          items: [
            { text: 'View Logs', value: 'view_logs', style: 'Primary' },
            { text: 'Dismiss', value: 'dismiss', style: 'Default' }
          ]
        }
      ]
    }
  })
})
The skill encourages the use of environment variables for sensitive credentials (Client ID, Secret, Bot JID) without providing guidance on secure storage or secret management, increasing the risk of accidental exposure.
See [references/environment-variables.md](references/environment-variables.md) for standardized .env keys
Global/unverified dependency execution — global npm/yarn package, dotnet tool, or auto-confirmed npx run without version or integrity pinning
npm install -g
SKILL.md links to "concepts/api-selection.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[Choose Your API](concepts/api-selection.md)
SKILL.md links to "concepts/environment-setup.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[Environment Setup](concepts/environment-setup.md)
SKILL.md links to "examples/oauth-setup.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[OAuth Setup](examples/oauth-setup.md)
SKILL.md links to "examples/send-message.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[Send First Message](examples/send-message.md)
SKILL.md links to "get-started.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[Get Started](get-started.md)
Skill does not specify a license field. Specifying a license helps users understand usage terms.
[Mondoo Skill Check](https://mondoo.com/ai-agent-security/skills/github/anthropics/knowledge-work-plugins/build-zoom-team-chat-app)
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.