whatsapp-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires adding an external MCP server (https://rube.app/mcp). This server provides the tools necessary for the skill but represents an external dependency not found in the trusted sources list.- [PROMPT_INJECTION] (LOW): The skill processes incoming WhatsApp messages, creating a surface for indirect prompt injection. An attacker could send malicious instructions via WhatsApp that the agent might execute if it processes the message content without sanitization. * Ingestion points: Incoming messages (referenced in the 'Reply to Messages' workflow). * Boundary markers: Absent; the instructions do not suggest using delimiters or warnings to ignore embedded content. * Capability inventory: Includes sending messages, uploading media, and creating templates. * Sanitization: Absent; the skill does not provide instructions for escaping or validating message content.
Audit Metadata