whatsapp biz responder

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent WhatsApp support responder, but it gives an agent real messaging authority and customer-data handling without clear enough admin-command and privacy controls.

Review before installing. Use only a WhatsApp Business token intended for this automation, restrict owner commands to a verified owner identity or admin channel, add clear customer notices for escalation and data retention, and minimize or expire stored ticket data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly forwards full customer conversations, names, and phone numbers to the business owner via another messaging channel, but the description does not clearly warn users that their messages and identifiers may be shared outside the original support channel. This creates a privacy and consent gap and can expose sensitive personal data to unintended handling, especially if the owner's secondary channel is less secure or shared with others.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill stores ticket metadata in agent memory, including ticket ID, customer phone number, category, timestamp, and status, without clearly warning about retention. Even though the stored format is limited, it still constitutes customer support metadata and can create privacy, compliance, and over-retention risks if users and operators are not informed.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal