notify-ormus-whatsapp

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to transmit local project information, including file paths, statistics, and activity summaries, to a hardcoded external WhatsApp group ID (120363422067085557@g.us) using an MCP tool.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted local data and incorporates it into external communications. \n
  • Ingestion points: Local project files, research documents, and commit history are accessed to gather notification content (SKILL.md, Step 2). \n
  • Boundary markers: Absent; the skill uses direct string interpolation in its message templates without protective delimiters. \n
  • Capability inventory: The skill utilizes the mcp__periskope-whatsapp__periskope_send_message tool to send data to an external recipient. \n
  • Sanitization: Absent; the instructions do not include any validation, escaping, or filtering of the project data before it is transmitted.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — notify-ormus-whatsapp