wacli
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of the
waclibinary from external sources, specificallysteipete/tap/waclivia Homebrew andgithub.com/steipete/wacli/cmd/wacli@latestusing the Go toolchain. - [COMMAND_EXECUTION]: The skill's primary functionality is implemented through the execution of shell commands using the
wacliCLI, which manages authentication, message history, and data transmission. - [DATA_EXFILTRATION]: The skill has the capability to read sensitive WhatsApp chat history and send local system files (e.g.,
wacli send file --file /path/agenda.pdf). This intended behavior facilitates the movement of local data to an external service. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. (1) Ingestion points: Untrusted data is ingested into the agent context from WhatsApp chat logs retrieved using
wacli messages searchorwacli chats listin SKILL.md. (2) Boundary markers: There are no markers or instructions defined to prevent the agent from executing commands that might be embedded in the retrieved WhatsApp messages. (3) Capability inventory: The skill enables the agent to send text and files to any WhatsApp recipient. (4) Sanitization: No sanitization or validation logic is present to filter incoming message content before it is processed.
Audit Metadata