automate-whatsapp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection. It enables the retrieval of untrusted user data from external messaging channels (WhatsApp) via scripts like
get-execution.js. This data enters the agent's context and could contain malicious instructions designed to manipulate the agent.\n - Ingestion points:
scripts/get-execution.js,scripts/get-context-value.js, andscripts/list-executions.jsall return data containing external user input.\n - Boundary markers: No explicit delimiters or instructions for the agent to treat retrieved data as untrusted are found in the documentation or scripts.\n
- Capability inventory: The skill possesses high-privilege capabilities on the Kapso platform, including the ability to modify automation logic and deploy executable code.\n
- Sanitization: The skill does not perform any sanitization or validation of the data retrieved from the remote API, passing it directly to the agent in JSON format.
Audit Metadata