whatsapp-agent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script 'whatsapp_agent.py' executes another local Python script, 'macro_agent.py', using 'subprocess.run'. While the path is restricted to the user's home directory, it relies on the integrity of the 'macro-agent' skill.
  • [PROMPT_INJECTION] (LOW): The skill processes external message content which is then passed to a typing automation tool ('write'). This creates an indirect prompt injection surface where malicious instructions in a message could theoretically influence the agent if it 'sees' its own typed output, though the impact is limited by the automation context.
    • Ingestion points: The 'message' argument in 'command_send' (whatsapp_agent.py).
    • Boundary markers: Instructions in SKILL.md advise the LLM to separate user instructions from content, but no programmatic delimiters are used in the message processing logic.
    • Capability inventory: Uses 'subprocess.run' to trigger 'seq-run', 'write', and 'press enter' via the macro-agent wrapper.
    • Sanitization: Minimal; the script converts text to lowercase and removes accents, but does not filter for control characters or injection patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:31 PM