add-reactions

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This URL points to a GitHub repository from an unfamiliar user — GitHub is a common and generally trustworthy host, but pulling, merging, and executing migrations/builds from an unreviewed third‑party repo poses a moderate-to-high supply‑chain/malware risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill integrates with the WhatsApp channel and explicitly ingests user-generated WhatsApp messages and reactions (see SKILL.md test steps and the agent-facing react_to_message MCP tool in container/skills/reactions/SKILL.md), which the agent is expected to read and act on, so untrusted third-party content can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs adding and fetching from the remote git URL https://github.com/qwibitai/nanoclaw-whatsapp.git and merging the skill branch into the codebase during apply, which pulls external code that is then built and executed (migrations, tests, runtime), so this external repo directly supplies required runtime code for the agent.