observe-whatsapp
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local Node.js scripts, such as
messages.jsandapi-logs.js, to perform diagnostic tasks and query the Kapso API. - [EXTERNAL_DOWNLOADS]: Setup instructions include running
npm ito install necessary Node.js dependencies for the diagnostic tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and displays external data (WhatsApp messages and API logs) that could contain malicious instructions.
- Ingestion points: Data is processed via
scripts/messages.js,scripts/api-logs.js, andscripts/webhook-deliveries.js. - Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within retrieved data.
- Capability inventory: The scripts are primarily used for retrieving and viewing diagnostic data; they do not appear to have high-risk capabilities like writing to the filesystem or executing arbitrary commands based on the retrieved content.
- Sanitization: No explicit sanitization or filtering of API response data is described in the provided documentation.
Audit Metadata