Skills
skills/lunasoft2001/skills/whatsapp-mcp/Gen Agent Trust Hub

whatsapp-mcp

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to clone an external repository (github.com/lunasoft2001/mcp.git) and install dependencies using npm install. This is required to set up the local WhatsApp MCP server components.
  • [COMMAND_EXECUTION]: The instructions include a shell command template for using Google Chrome in headless mode to convert HTML files to PDF. It also instructs the user to grant execution permissions to a local script (start.sh) using chmod +x which is then executed by the agent platform.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads external data from WhatsApp messages through the get_chat_messages tool.
  • Ingestion points: WhatsApp messages retrieved from the WhatsApp API.
  • Boundary markers: No specific delimiters or instructions to ignore embedded content within messages are provided in the skill's instructions.
  • Capability inventory: The agent can send messages, manage group participants, and execute local shell commands for file conversion.
  • Sanitization: No explicit sanitization or validation of message content is described before the agent processes the retrieved text.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 01:24 PM