whatsapp-instagram-tiktok-mass-sender-marketing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill is explicitly designed for large-scale, targeted scraping and unsolicited outreach — including competitor follower scraping, bio phone-number extraction, bulk DMs/WhatsApp blasts, persistent tracking, and proxy/account rotation to evade detection — which demonstrates clear malicious/abusive intent and privacy-exfiltration behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes scraping competitor followers/hashtag users from external Instagram/TikTok sources (public web/social content) and then using the scraped users’ fields to construct personalized DM/comment text that is fed into the agent’s LLM context (indirectly via “personalizedMsg”/templates using scraped user data).