wacli
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the
waclitool via Homebrew (steipete/tap/wacli) or Go (github.com/steipete/wacli), which are external third-party repositories. - [COMMAND_EXECUTION]: The skill executes various
wacliCLI commands to manage authentication, synchronize message history, and send texts or files. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted content from WhatsApp chat history and local files.
- Ingestion points: External data is read through
wacli messages search,wacli history backfill, andwacli send file. - Boundary markers: The skill instructions suggest confirming details with the user but do not implement technical delimiters to isolate ingested message content from the system prompt.
- Capability inventory: The skill can execute CLI commands, access the local file system, and perform network requests via the CLI tool.
- Sanitization: There is no evidence of content sanitization or filtering of the WhatsApp message data before it is processed by the agent.
Audit Metadata