read-whatsapp-export
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/setup.shscript clones the whisper.cpp repository from GitHub (https://github.com/ggerganov/whisper.cpp.git) and downloads a large-v3 model file (~3GB). This process also involves building the whisper-cli binary locally usingcmakeandmake.\n- [COMMAND_EXECUTION]: The skill executes shell commands to process data and manage dependencies.\n - It uses
subprocess.runin Python to invoke a bash helper script (transcribe-audio.sh).\n - The shell scripts use
ffmpegfor audio conversion and thewhisper-clifor transcription to handle voice messages.\n - These executions use list-based arguments and quoted variables, which are safe practices to prevent command injection from user-supplied filenames found in exports.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from WhatsApp exports.\n
- Ingestion points: Untrusted data enters the agent context through the parsing of
_chat.txtand exported media filenames within theprocess-conversation.pyscript.\n - Boundary markers: The skill formats messages into Markdown chunks but does not include explicit delimiters or instructions to tell the agent to ignore instructions embedded within the chat text.\n
- Capability inventory: The skill has the capability to read and write files in the local project directory and execute subprocesses like
ffmpegand thewhisper-cli.\n - Sanitization: The scripts perform regex-based removal of zero-width control characters but do not sanitize message content for potential prompt injection strings.
Audit Metadata