agent-whatsapp

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the agent-messenger package from the NPM registry to provide the agent-whatsapp CLI functionality. This package is the core tool used by the skill for its primary functions.
  • [DATA_EXPOSURE]: WhatsApp authentication state and session keys are stored locally in ~/.config/agent-messenger/. While the skill sets restrictive filesystem permissions (0600), the documentation notes that these keys are stored in plaintext and grant full access to the linked WhatsApp account.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and summarize external WhatsApp chat data, creating an attack surface for indirect prompt injection.
      • Ingestion points: Untrusted message content is retrieved via the agent-whatsapp message list command.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between message content and system instructions.
      • Capability inventory: The agent has access to a restricted shell environment (Bash(agent-whatsapp:*)) and file system access via standard Read/Write tools.
      • Sanitization: No sanitization or filtering logic is mentioned for processing the body of incoming messages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 02:08 AM