wacli
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation process fetches the wacli binary from a third-party Homebrew repository (steipete/tap/wacli) and a Go module (github.com/steipete/wacli/cmd/wacli).
- [DATA_EXFILTRATION]: The skill provides the capability to read local files and send them to external WhatsApp contacts via the 'wacli send file' command, which could be abused for data exfiltration if the agent is misdirected.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external WhatsApp data.
- Ingestion points: Message history and chat names are retrieved via 'wacli messages search' and 'wacli chats list' in SKILL.md.
- Boundary markers: No protective delimiters or instructions are used to isolate message content from commands.
- Capability inventory: The agent can send text and files to any WhatsApp JID via 'wacli send'.
- Sanitization: No evidence of validation or filtering of incoming WhatsApp content before processing.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via the wacli CLI for authentication, message searching, and file transmission.
Audit Metadata