whatsapp-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches an OpenAPI schema from the author's GitHub repository (raw.githubusercontent.com/holon-run) to configure its operation. This is a functional requirement for the skill used to define the API interface.
- [COMMAND_EXECUTION]: The skill executes shell commands using the uxc utility and a dynamically linked command-line wrapper to interact with the WhatsApp Cloud API. This capability is used to perform legitimate administrative and messaging tasks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when handling responses from the external API.
- Ingestion points: Untrusted data enters the context via business profile and phone number metadata retrieval operations defined in SKILL.md.
- Boundary markers: No specific delimiters or instructions are used to separate API-returned data from agent instructions.
- Capability inventory: The skill can execute shell commands through the uxc tool (SKILL.md) and perform outbound network actions via message sending (references/usage-patterns.md).
- Sanitization: The skill does not perform sanitization or validation of the data retrieved from the WhatsApp API before it is processed by the agent.
Audit Metadata