Skills
skills/elizaos/eliza/wacli/Gen Agent Trust Hub

wacli

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the wacli utility from a third-party GitHub repository (github.com/steipete/wacli) via Go or a Homebrew tap. This source is not among the explicitly trusted vendors.
  • [DATA_EXFILTRATION]: Accesses highly sensitive communication data, including WhatsApp chat history, contact lists, and message contents, stored in the ~/.wacli directory. This represents a significant data exposure risk.
  • [COMMAND_EXECUTION]: Utilizes the wacli binary to perform operations like sending text and files, which could be misused if the agent is influenced by malicious input.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection from received WhatsApp messages which could influence agent behavior.
  • Ingestion points: Message search and chat listing commands (wacli messages search, wacli chats list in SKILL.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are defined for the tool's output.
  • Capability inventory: The skill has the ability to send messages and files via the CLI (wacli send in SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of retrieved message content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 07:52 AM