whatsapp-messaging

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill instructs the agent to ingest untrusted data from WhatsApp and use it to determine its next actions, creating a significant attack surface.
      • Ingestion points: Incoming messages received via send_message(wait_for_reply: true) and get_conversation_history.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore potentially malicious instructions embedded in the messages.
      • Capability inventory: The skill allows the agent to "Continue based on their reply" and work on "what they want to work on next," effectively granting any remote WhatsApp sender access to all of the agent's installed tools and capabilities.
      • Sanitization: Absent. The instructions do not include any logic for validating or sanitizing incoming message content.
  • [Credentials Unsafe] (LOW): The get_setup_info tool is designed to return a verify_token. While necessary for setup, the skill explicitly directs the agent to "Present the webhook_url and verify_token clearly," which could lead to the exposure of sensitive setup credentials in chat logs if handled carelessly.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM