add-reactions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill integrates with the WhatsApp channel and explicitly ingests user-generated WhatsApp messages and reactions (see SKILL.md test steps and the agent-facing react_to_message MCP tool in container/skills/reactions/SKILL.md), which the agent is expected to read and act on, so untrusted third-party content can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs adding and fetching from the remote git URL https://github.com/qwibitai/nanoclaw-whatsapp.git and merging the skill branch into the codebase during apply, which pulls external code that is then built and executed (migrations, tests, runtime), so this external repo directly supplies required runtime code for the agent.