wacli
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'wacli' binary from a non-trusted third-party repository (github.com/steipete/wacli) using either the Go toolchain or a custom Homebrew tap.
- [COMMAND_EXECUTION]: The skill is designed to construct and execute shell commands using the 'wacli' CLI to perform operations like sending text, files, and searching history.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses sensitive private data, including WhatsApp chat logs, group information, and contact details. It also manages authentication state and session data stored in the local directory '~/.wacli'.
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting untrusted content.
  1. Ingestion points: WhatsApp message content retrieved via 'wacli messages search' in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Command execution via 'wacli send' and file access as seen in SKILL.md.
  4. Sanitization: None specified.
Audit Metadata