whatsapp-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill defines an AI-powered chatbot that processes untrusted user input from WhatsApp messages, creating a surface for indirect prompt injection.
- Ingestion points: Incoming messages are captured via the WhatsApp Trigger and processed in the AI Response node.
- Boundary markers: The current templates lack explicit delimiters or instructions to ignore embedded commands within the interpolated user message variable.
- Capability inventory: The chatbot is equipped with tools to perform order lookups, product searches, and support ticket creation.
- Sanitization: No explicit input validation or filtering is implemented for the content of incoming messages before they are sent to the LLM.
- [COMMAND_EXECUTION]: The skill includes a JavaScript-based data processing step within an n8n code node.
- Evidence: The Parse Message node in the example workflow uses a script to extract sender and text fields from the raw WhatsApp API JSON response.
Audit Metadata