whatsapp-macos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically reads and parses user-generated WhatsApp content from the local WhatsApp desktop app via the accessibility tree (e.g., traverseAXTree and parsing functions used by whatsapp_read_messages, whatsapp_search, whatsapp_get_active_chat/parseVisibleSearchResults in Sources/WhatsAppMCP and the SKILL.md/README workflows), so untrusted third‑party message text can be ingested and could influence subsequent tool actions.