integrate-whatsapp
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The security analysis of the skill's markdown instructions and associated JavaScript/ESM scripts found no evidence of malicious patterns, prompt injections, or unauthorized data access.
- [EXTERNAL_DOWNLOADS]: The
openapi-explore.mjsscript facilitates the retrieval of OpenAPI specifications from the official vendor documentation domain (docs.kapso.ai). These downloads are neutrally documented as they are sourced from the vendor's own infrastructure and are essential for the skill's intended purpose. - [COMMAND_EXECUTION]: The skill provides a suite of scripts that interact with the Kapso Platform and Meta Proxy APIs (e.g.,
api.kapso.ai). These tools allow for the management of WhatsApp integrations, including webhook creation, template management, and message transmission, using the user's authenticated session. - [REMOTE_CODE_EXECUTION]: Functionality is provided to upload and deploy user-authored code for Kapso Functions and WhatsApp Flow data endpoints. This represents the intended administrative capability of the skill to manage business logic on the vendor's platform.
- [CREDENTIALS_UNSAFE]: The skill correctly implements secure credential management by instructing users to provide their API keys through environment variables (
KAPSO_API_KEY) rather than hardcoding sensitive information.
Audit Metadata