Skills
skills/natea/exomind/whatsapp-message-management/Gen Agent Trust Hub

whatsapp-message-management

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from incoming WhatsApp messages.
  • Ingestion points: WhatsApp messages are retrieved via mcp__whatsapp__list_messages in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content within the message body during parsing.
  • Capability inventory: The skill can send messages via mcp__whatsapp__send_message, download media via mcp__whatsapp__download_media, and create tasks/notes in the system.
  • Sanitization: The provided parseQuickCapture logic lacks sanitization or validation of the message content before processing and confirmation.
  • [EXTERNAL_DOWNLOADS]: The technical implementation notes reference the use of external Node.js dependencies.
  • Evidence: The code snippets in SKILL.md show the use of require('node-cron') for scheduling briefings.
  • [COMMAND_EXECUTION]: The skill documentation includes examples of command-line operations to verify connectivity.
  • Evidence: SKILL.md suggests running claude mcp list | grep whatsapp to check server availability.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 07:10 PM