
whatsapp-automation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [Prompt Injection] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it handles untrusted data and has high-privilege write capabilities.
      • Ingestion points: Processes untrusted body and media_url data in WHATSAPP_SEND_MESSAGE and WHATSAPP_SEND_MEDIA.
      • Boundary markers: Absent. There are no instructions to the agent to treat this data as untrusted.
      • Capability inventory: Includes high-impact tools for sending messages and media to external contacts.
      • Sanitization: No input validation or sanitization is mentioned.
  • [External Downloads] (MEDIUM): Relies on an unverified third-party MCP server (https://rube.app/mcp) which is not within the trusted organization scope.
  • [Data Exfiltration] (LOW): The tool WHATSAPP_SEND_MEDIA accepts a URL, which could be exploited for Server-Side Request Forgery (SSRF) to access internal network metadata if the agent environment is not isolated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:14 PM