automate-whatsapp

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to build automation workflows that process untrusted data from external WhatsApp users.
      • Ingestion points: User input is captured via inbound_message triggers and wait_for_response nodes, then stored in execution variables like vars.user_reply (as documented in SKILL.md and assets/workflow-linear.json).
      • Boundary markers: The provided system prompt examples for agent nodes (e.g., in assets/workflow-customer-support-intake-agent.json and assets/workflow-api-template-wait-agent.json) interpolate these untrusted variables directly into the prompt without using delimiters or instructions to ignore embedded commands.
      • Capability inventory: Agent nodes can utilize tools to send messages, manage execution variables, and call external app integrations such as Slack or HubSpot.
      • Sanitization: There is no evidence of input validation, escaping, or content filtering in the provided documentation or code examples.
  • [EXTERNAL_DOWNLOADS]: The scripts/openapi-explore.mjs utility is configured to fetch OpenAPI specifications from the vendor's documentation site at docs.kapso.ai to enable discovery of platform API capabilities.
  • [COMMAND_EXECUTION]: The skill includes various Node.js scripts in the scripts/ directory that wrap the Kapso Platform API. Some of these scripts, including create-function.js and update-graph.js, read local files provided by the user to facilitate resource deployment and configuration management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 01:54 AM