wacli
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
waclibinary for searching history and sending messages. - [EXTERNAL_DOWNLOADS]: The skill defines installation procedures for
waclivia Homebrew and Go, pulling from the author's own GitHub repositories. - [DATA_EXFILTRATION]: The tool manages WhatsApp message data and chat history, storing it locally in
~/.wacli. Network activity is consistent with standard WhatsApp operations. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through message ingestion.
- Ingestion points: WhatsApp message content via
wacli messages searchinSKILL.md. - Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: Message sending capability via
wacli sendinSKILL.md. - Sanitization: No explicit sanitization or filtering of message content is mentioned.
Audit Metadata