whatsapp-web-js
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill helps build tools that process untrusted WhatsApp messages, creating a surface for indirect prompt injection.
  1. Ingestion points: the incoming message events and chat history fetching methods described in 'references/detailed-guide.md' bring externally controlled content into the agent's context.
  2. Boundary markers: the documentation and code examples specify no delimiters around message content and no instruction to treat text embedded in message bodies as data rather than as instructions.
  3. Capability inventory: the skill documents sending messages, managing groups and fetching media; if an injection succeeds, these capabilities are what the injected instructions could drive.
  4. Sanitization: the tool creation patterns show no input sanitization or validation of message content before it is used.
- [EXTERNAL_DOWNLOADS]: The skill documents the 'MessageMedia.fromUrl()' method, which fetches content from an arbitrary, caller-supplied URL as part of its standard functionality for sending media. If that URL is taken from message content, the sender controls what the bot downloads, so URLs should be validated against an allowlist before the call.
- [DATA_EXFILTRATION]: The 'LocalAuth' strategy is described as a way to persist session authentication data to the local filesystem. This is standard behavior for the library, but the persisted session authenticates as the linked WhatsApp account, so the data path must be protected like a credential (owner-only permissions, kept out of repositories and shared volumes).
Audit Metadata