integrate-whatsapp
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill follows best practices for managing credentials via environment variables.
- [EXTERNAL_DOWNLOADS]: Fetches OpenAPI documentation from the official vendor domain (docs.kapso.ai) to support API exploration. This is a trusted source for this skill.
- [COMMAND_EXECUTION]: Provides scripts for making authorized API calls to the Kapso and Meta WhatsApp platforms for messaging, template management, and WhatsApp Flows.
- [PROMPT_INJECTION]: The skill can ingest and process external OpenAPI specifications, creating an indirect prompt injection surface.
- Ingestion points: scripts/openapi-explore.mjs allows loading specifications via URL or local files.
- Boundary markers: Absent in the script-based data processing.
- Capability inventory: HTTP requests (scripts/lib/http.js), file reading (scripts/lib/cli.js), and platform function deployment (scripts/create-function.js).
- Sanitization: Uses standard YAML and JSON parsing libraries for external data.
Audit Metadata