Skills
skills/sickn33/antigravity-awesome-skills/automate-whatsapp/Gen Agent Trust Hub

automate-whatsapp

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Node.js scripts to manage Kapso platform resources, including fetching workflow graphs, managing database rows, and inspecting executions.
  • [EXTERNAL_DOWNLOADS]: Requires running npm install to set up the execution environment by downloading necessary packages from the npm registry.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection from untrusted external data.
  • Ingestion points: Reads content from incoming WhatsApp triggers and Cloudflare D1 database tables via query-rows.js.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are documented for processing this data.
  • Capability inventory: The skill can deploy code to remote runtimes (deploy-function.js), modify workflow logic (update-graph.js), and perform CRUD operations on databases.
  • Sanitization: There is no mention of sanitization or validation of data retrieved from external sources before it influences automated actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:11 PM