israeli-whatsapp-business

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill provides a webhook handler example that processes untrusted data from incoming WhatsApp messages.
  • Ingestion points: The webhook_handler function in SKILL.md and SKILL_HE.md extracts content from the messages array in the incoming Meta webhook payload.
  • Boundary markers: Absent. The example code processes message bodies without using delimiters or providing instructions to the agent to disregard embedded commands.
  • Capability inventory: The skill is configured with Bash(python:*), Bash(curl:*), and WebFetch tools, enabling it to execute local scripts and perform network operations.
  • Sanitization: Absent. The code snippet directly accesses the message content via msg.get("text", {}).get("body", "") without validation or filtering.
  • [CREDENTIALS_UNSAFE]: The communication script included with the skill allows sensitive credentials to be passed as command-line arguments.
  • Evidence: In scripts/send_whatsapp.py, the --access-token and --phone-id arguments allow users to provide Meta API credentials directly in the shell. While the script also supports environment variables, the inclusion of the CLI argument option can lead to secret exposure in process lists or shell history.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 09:50 AM
Security Audit — agent-trust-hub — israeli-whatsapp-business