automate-whatsapp
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires a
KAPSO_API_KEYandKAPSO_API_BASE_URLfor operation. These are managed via environment variables according to standard security practices. The skill uses these credentials to authenticate requests to the Kapso platform API (api.kapso.ai). - [EXTERNAL_DOWNLOADS]: The
scripts/openapi-explore.mjsscript fetches OpenAPI specifications fromdocs.kapso.ai. As this is a vendor-owned domain, these downloads are considered safe and part of the intended functionality. - [REMOTE_CODE_EXECUTION]: The skill allows for the creation, deployment, and invocation of JavaScript functions on the Kapso platform via
scripts/create-function.js,scripts/deploy-function.js, andscripts/invoke-function.js. These capabilities are central to the skill's purpose as an automation development tool. - [COMMAND_EXECUTION]: The
references/agent-remote-sandbox.mddocumentation describes a remote sandbox environment that provides agents with access to tools likebash,read, andwrite. This is an intended feature for repository inspection and modification within a controlled, ephemeral workspace. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of WhatsApp messages (
inbound_messagetriggers), which are stored in the execution context (vars.user_reply). While this provides a surface for indirect prompt injection, the skill's instructions for agents involve using these variables within a structured automation environment, and the scripts themselves are secure API wrappers.
Audit Metadata