whatsapp-flows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via data ingestion from WhatsApp users.
  - Ingestion points: list-flow-responses.js and list-function-logs.js retrieve data from external sources (user responses and system logs) and provide them to the agent.
  - Boundary markers: The instructions do not define delimiters or protective prompts to prevent the agent from following instructions embedded in the ingested data.
  - Capability inventory: The agent has the ability to modify flow logic (update-flow-json.js) and deploy code (deploy-data-endpoint.js), which could be exploited if the agent is manipulated by injected content.
  - Sanitization: There is no evidence of sanitization or input validation for the data retrieved from external scripts.
Audit Metadata