Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources (WhatsApp messages).
- Ingestion points: Untrusted data enters the context through commands like
wacrawl messages,wacrawl search, andwacli messages list, which retrieve content from private and group chats. - Capability inventory: The skill possesses write capabilities through
wacli send, which allows for message transmission and state mutation. - Boundary markers: The instructions lack specific boundary markers or delimiters to isolate message content from the agent's primary instructions.
- Sanitization: There is no mention of sanitizing or escaping the retrieved message content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill operates by executing local shell commands using the
wacrawlandwacliCLI tools. - Command Surface: It defines patterns for searching history, syncing databases, and sending messages.
- Data Access: These commands interact directly with the user's private WhatsApp Desktop archives and linked-device session databases located in local project directories (
~/Projects/wacrawland~/Projects/wacli).
Audit Metadata