The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads and installs the wacli CLI tool from a third-party source on GitHub (steipete/wacli) via brew or go install.
[COMMAND_EXECUTION]: The skill uses the wacli binary to execute various tasks, including wacli auth for session management and wacli send file for transferring local files. The tool stores session data in ~/.wacli.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes incoming WhatsApp messages which could contain malicious instructions. Ingestion points: WhatsApp chat history and search results from wacli messages search and wacli history backfill in SKILL.md. Boundary markers: The instructions do not define specific markers to separate message content from instructions. Capability inventory: The skill can send text messages, upload local files, and retrieve sensitive chat history via the wacli command in SKILL.md. Sanitization: The skill includes a 'Safety' section requiring manual confirmation before sending, which serves as a human-in-the-loop mitigation, but lacks automated sanitization of ingested message text.

wacli