israeli-whatsapp-business
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides a webhook handler example that processes untrusted data from incoming WhatsApp messages.
- Ingestion points: The
webhook_handlerfunction inSKILL.mdandSKILL_HE.mdextracts content from themessagesarray in the incoming Meta webhook payload. - Boundary markers: Absent. The example code processes message bodies without using delimiters or providing instructions to the agent to disregard embedded commands.
- Capability inventory: The skill is configured with
Bash(python:*),Bash(curl:*), andWebFetchtools, enabling it to execute local scripts and perform network operations. - Sanitization: Absent. The code snippet directly accesses the message content via
msg.get("text", {}).get("body", "")without validation or filtering. - [CREDENTIALS_UNSAFE]: The communication script included with the skill allows sensitive credentials to be passed as command-line arguments.
- Evidence: In
scripts/send_whatsapp.py, the--access-tokenand--phone-idarguments allow users to provide Meta API credentials directly in the shell. While the script also supports environment variables, the inclusion of the CLI argument option can lead to secret exposure in process lists or shell history.
Audit Metadata