whatsapp-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from incoming WhatsApp messages. This creates an attack surface where an external party could send messages containing instructions to manipulate the agent's behavior. Evidence: (1) Ingestion points: Incoming WhatsApp messages via tools like WHATSAPP_SEND_REPLY which implies reading context. (2) Boundary markers: None provided to delimit user content from instructions. (3) Capability inventory: Tool sequence includes sending messages, uploading media, and creating templates. (4) Sanitization: No sanitization or validation of message content is mentioned.
- [Data Exposure] (LOW): The skill accesses business-sensitive information such as contact lists, phone number IDs, and business profiles which could be exposed or exfiltrated if the agent's instructions are overridden.
Audit Metadata