skills/idjoo/skills/waha/Gen Agent Trust Hub

waha

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by reading external data that the agent then processes.
      ◦ Ingestion points: scripts/list_chats.py fetches message bodies and last message previews from the WhatsApp API.
      ◦ Boundary markers: There are no delimiters or instructions provided to the agent to treat the fetched message content as untrusted data.
      ◦ Capability inventory: The skill possesses the ability to send messages, manage groups, control sessions, and read local configuration files.
      ◦ Sanitization: No validation, escaping, or filtering is performed on the ingested message content before it is presented to the agent.
  • [COMMAND_EXECUTION]: The skill uses uv run to execute various Python scripts located in the scripts/ directory to perform all WhatsApp operations.
  • [SECURITY_PRACTICE]: In scripts/waha_client.py, the httpx.Client is initialized with verify=False. Disabling SSL certificate verification makes the communication between the agent and the WAHA API vulnerable to man-in-the-middle (MITM) attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:31 AM