automate-whatsapp

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires a KAPSO_API_KEY and KAPSO_API_BASE_URL for operation. These are managed via environment variables according to standard security practices. The skill uses these credentials to authenticate requests to the Kapso platform API (api.kapso.ai).
  • [EXTERNAL_DOWNLOADS]: The scripts/openapi-explore.mjs script fetches OpenAPI specifications from docs.kapso.ai. As this is a vendor-owned domain, these downloads are considered safe and part of the intended functionality.
  • [REMOTE_CODE_EXECUTION]: The skill allows for the creation, deployment, and invocation of JavaScript functions on the Kapso platform via scripts/create-function.js, scripts/deploy-function.js, and scripts/invoke-function.js. These capabilities are central to the skill's purpose as an automation development tool.
  • [COMMAND_EXECUTION]: The references/agent-remote-sandbox.md documentation describes a remote sandbox environment that provides agents with access to tools like bash, read, and write. This is an intended feature for repository inspection and modification within a controlled, ephemeral workspace.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of WhatsApp messages (inbound_message triggers), which are stored in the execution context (vars.user_reply). While this provides a surface for indirect prompt injection, the skill's instructions for agents involve using these variables within a structured automation environment, and the scripts themselves are secure API wrappers.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 05:46 PM
Security Audit — agent-trust-hub — automate-whatsapp