notify-ormus-whatsapp
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to transmit local project information, including file paths, statistics, and activity summaries, to a hardcoded external WhatsApp group ID (120363422067085557@g.us) using an MCP tool.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted local data and incorporates it into external communications. \n
- Ingestion points: Local project files, research documents, and commit history are accessed to gather notification content (SKILL.md, Step 2). \n
- Boundary markers: Absent; the skill uses direct string interpolation in its message templates without protective delimiters. \n
- Capability inventory: The skill utilizes the
mcp__periskope-whatsapp__periskope_send_messagetool to send data to an external recipient. \n - Sanitization: Absent; the instructions do not include any validation, escaping, or filtering of the project data before it is transmitted.
Audit Metadata