integrate-whatsapp

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE] (SAFE): The skill is a standard API management tool for the Kapso platform. All network communications are restricted to the authorized domain api.kapso.ai, and sensitive API keys are correctly managed through environment variables rather than being hardcoded.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface as it ingests untrusted data from external sources (WhatsApp messages and flow responses).
      • Ingestion points: Scripts like scripts/list-flow-responses.js, scripts/get-flow.js, and scripts/list-flows.js retrieve potentially attacker-controlled content from the WhatsApp API.
      • Boundary markers: There are no explicit delimiters or system instructions used in the scripts to isolate external content or warn the AI agent of its untrusted nature.
      • Capability inventory: The skill includes high-privilege capabilities such as sending interactive WhatsApp messages (scripts/send-test-flow.js) and deploying remote functions (scripts/create-function.js), which could be misused if an injection occurs.
      • Sanitization: No input sanitization or validation of the retrieved message content is performed within the skill scripts before the data is returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:48 PM