whatsapp-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly opens and scrapes web.whatsapp.com and parses user-generated chat content (see SKILL.md and scripts/read_messages.py / scripts/last_reply.py and src/chat.py's _READ_MESSAGES_JS), and that untrusted message text is read/interpreted by the agent and can influence subsequent actions (e.g., reporting last replies, sending messages, group operations), so it can enable indirect prompt injection.