raw-app
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `wmill` command-line tool (the official CLI for Windmill) to scaffold new applications, manage project metadata, and synchronize code with the platform. This is the intended functional purpose of the skill.
- [PROMPT_INJECTION]: The skill contains instructional patterns directing the agent to automate the app creation process rather than delegating it to the user. While it specifies that certain CLI prompts are 'skipped silently' to avoid hanging the agent, this is a technical requirement for non-interactive execution and does not represent a malicious attempt to conceal behavior.
- [DATA_EXFILTRATION]: Includes commands like `wmill sync push` and `wmill sync pull` for legitimate synchronization between the local environment and the Windmill platform. These operations are within the expected scope of the tool and target the vendor's own services.
Audit Metadata