wacli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs use of commands like "wacli sync --follow" and "wacli messages search ..." which fetch and ingest user-generated WhatsApp chat history (third‑party content) that the agent would read and that could materially influence subsequent actions such as sending messages.