wacli
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the `wacli` binary from an external, non-trusted GitHub repository (github.com/steipete/wacli). This source is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill invokes the `wacli` command-line utility to perform operations such as authentication, syncing history, and searching messages.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted text from WhatsApp messages.
  * Ingestion points: `wacli messages search` and `wacli chats list`.
  * Boundary markers: None. There are no delimiters or instructions to ignore commands within the message content.
  * Capability inventory: `wacli send text` and `wacli send file`, providing the ability to send data externally.
  * Sanitization: None. The skill does not sanitize or validate retrieved message content before processing.
Audit Metadata