waha

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/list_chats.py and scripts/list_messages in SKILL.md) call WAHA endpoints like /api/{session}/chats and /api/{session}/chats/{chatId}/messages to fetch and print user-generated WhatsApp message bodies (and can download media), which are untrusted third-party content that could contain instructions or links influencing subsequent actions such as replying, forwarding, or sending media.