whatsapp-cloud-api-agent
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/message_router.py utilizes __import__("time") for dynamic module loading. This is used strictly to retrieve current timestamps for session activity tracking and does not facilitate arbitrary code execution.
- [CREDENTIALS_UNSAFE]: API tokens and Meta application secrets are managed through environment variables and Pydantic settings, as demonstrated in app/config.py and scripts/webhook_handler.py. No hardcoded credentials or sensitive keys were identified in the source files.
- [DATA_EXFILTRATION]: Network operations are directed solely to the official Meta Graph API (graph.facebook.com) to support the skill's messaging functionality. No unauthorized data transmission to third-party or suspicious domains was observed.
- [EXTERNAL_DOWNLOADS]: The skill documentation lists standard, well-maintained Python libraries such as fastapi, httpx, and redis. These dependencies are common in production environments and do not pose a supply chain risk in this context.
- [PROMPT_INJECTION]: The skill acts as a gateway for untrusted user input from WhatsApp, creating a potential surface for indirect prompt injection. This is a standard risk for chatbot infrastructure and is documented here for completeness.
  - Ingestion points: Incoming message content is parsed in scripts/webhook_handler.py and routed in scripts/message_router.py.
  - Boundary markers: No specific delimiters are used to isolate user-provided text before it is forwarded to backend agents.
  - Capability inventory: The skill can trigger outbound messages via Meta's API and update conversation state in a Redis database.
  - Sanitization: No content-based filtering or sanitization of incoming text is performed.
Audit Metadata