automate-whatsapp

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's behavior is consistent with its stated purpose. Analysis of all 48 script files shows they are standard API clients for the Kapso platform. All network traffic is directed to the vendor's own infrastructure at kapso.ai or docs.kapso.ai.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from the WhatsApp channel.
      • Ingestion points: External messages from WhatsApp users are captured in variables such as vars.user_reply (in workflow-linear.json) or vars.support_intake (in workflow-customer-support-intake-agent.json).
      • Boundary markers: The provided workflow assets and prompt templates lack delimiters (e.g., XML tags or triple quotes) or specific instructions to help the model distinguish between system instructions and user-provided data.
      • Capability inventory: The agent nodes have access to a high-privilege toolset, including the ability to perform D1 database CRUD operations, trigger Pipedream app integrations, and invoke arbitrary webhooks.
      • Sanitization: There is no evidence of input validation or escaping logic in the provided JavaScript scripts or workflow definitions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 03:19 PM