whatsapp-flows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses local Node.js scripts to perform its primary functions, such as creating flows and updating JSON. This is standard behavior for a CLI-style skill and is required for the intended purpose.
- PROMPT_INJECTION (LOW): The scripts list-flow-responses.js and list-function-logs.js ingest untrusted data from the external Kapso platform, creating a surface for indirect prompt injection.
  1. Ingestion points: list-flow-responses.js and list-function-logs.js (reads data from WhatsApp users).
  2. Boundary markers: Absent from the documentation.
  3. Capability inventory: Includes local script execution and API interactions.
  4. Sanitization: No sanitization or validation of the external content is mentioned.