wacli
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the wacli command-line tool from a third-party repository (github.com/steipete/wacli) using either Homebrew or the Go toolchain.
- [COMMAND_EXECUTION]: The skill executes various CLI commands to authenticate with WhatsApp, search message history, and send text or files to external recipients. This includes the capability to send local files from the system via the
--fileargument. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external WhatsApp message content which could contain instructions intended to influence the agent's behavior.
- Ingestion points: WhatsApp message data is ingested via
wacli messages searchandwacli chats list(SKILL.md). - Boundary markers: None present; there are no instructions to the agent to treat message content as untrusted data.
- Capability inventory: The skill can send messages and local files to external JIDs/phone numbers (SKILL.md).
- Sanitization: No sanitization or escaping of message content is specified before the data enters the agent's context.
Audit Metadata