wacli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill metadata automates the installation of the
waclibinary using Homebrew (steipete/tap/wacli) and Go (github.com/steipete/wacli/cmd/wacli). Because the author/repository is not on the 'Trusted External Sources' list, this represents an unverifiable dependency installation. - COMMAND_EXECUTION (LOW): The skill relies on executing the
wacliCLI with various arguments. This is the intended functionality but creates a vector for command-line based attacks if combined with other vulnerabilities. - Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection via WhatsApp message content. Ingestion points: Untrusted data enters via
wacli messages searchandwacli chats list. Boundary markers: No delimiters or safety warnings are used to separate message text from agent instructions. Capability inventory: The skill can send messages (wacli send text) and read local files to send them (wacli send file). Sanitization: There are no instructions to sanitize or validate content pulled from WhatsApp before processing.
Audit Metadata