ops-whatsapp-biz

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The create-template sub-command is vulnerable to shell injection. User-provided inputs such as BODY_TEXT, HEADER_TEXT_INPUT, BUTTON_URL, and BUTTON_TEXT are interpolated directly into shell strings using a pattern that allows escaping (e.g., COMPONENTS='[{"type":"BODY","text":"'"${BODY_TEXT}"'"}]'). A crafted input containing a single quote and a semicolon could execute arbitrary system commands.
  • [COMMAND_EXECUTION]: The send-template and check-template sub-commands interpolate user-controlled variables like TEMPLATE_NAME, PHONE, and TEMPLATE_COMPONENTS_JSON directly into shell command strings and JSON payloads. Without proper sanitization or escaping, these inputs can be used to manipulate the command line or execute unauthorized actions.
  • [CREDENTIALS_UNSAFE]: The setup command performs an invasive scan of the host environment for credentials. It searches through shell profile files (~/.zshrc, ~/.bashrc, ~/.zprofile, ~/.envrc) and dumps the discovered secrets to the output. This automated harvesting of sensitive API tokens from local configuration files poses a significant security risk to the user's environment.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to Meta's official Graph API (graph.facebook.com) to manage WhatsApp Business messages and templates. These requests involve the transmission of sensitive authentication tokens.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 29, 2026, 06:48 AM