Skills
skills/xfstudio/skills/automate-whatsapp/Gen Agent Trust Hub

automate-whatsapp

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a set of provided Node.js scripts to perform platform operations like fetching graphs, managing triggers, and deploying functions. This execution model is the standard interface for the skill's functionality.
  • [EXTERNAL_DOWNLOADS]: The instructions include a standard dependency installation step via npm i. No unverified or suspicious remote code downloads were detected.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data from external, untrusted sources.
  • Ingestion points: External data enters the agent context through query-rows.js (database records) and get-execution.js (WhatsApp execution details and message content).
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or provide the agent with warnings to ignore instructions embedded within retrieved data.
  • Capability inventory: The agent can execute shell commands via the included Node scripts and possesses the ability to deploy and invoke arbitrary code on the platform runtime using deploy-function.js and invoke-function.js.
  • Sanitization: Absent. There is no indication of sanitization, validation, or filtering of the content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 03:35 PM