whatsapp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and returns user-generated WhatsApp content (e.g., via client.getChats(), chat.fetchMessages(), and client.searchMessages() in whatsapp_skill.js and the SKILL.md "Reading Chats & Messages" / "Search messages" workflow), so untrusted third-party messages could be read and materially influence the agent's decisions or subsequent messaging actions.