skills/steipete/clawdis/wacli/Gen Agent Trust Hub

wacli

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the wacli binary for searching history and sending messages.
  • [EXTERNAL_DOWNLOADS]: The skill defines installation procedures for wacli via Homebrew and Go, pulling from the author's own GitHub repositories.
  • [DATA_EXFILTRATION]: The tool manages WhatsApp message data and chat history, storing it locally in ~/.wacli. Network activity is consistent with standard WhatsApp operations.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through message ingestion.
  • Ingestion points: WhatsApp message content via wacli messages search in SKILL.md.
  • Boundary markers: Not explicitly defined in the instructions.
  • Capability inventory: Message sending capability via wacli send in SKILL.md.
  • Sanitization: No explicit sanitization or filtering of message content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:07 AM
Security Audit — agent-trust-hub — wacli