write-script-bun
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
wmillCLI for several operations: metadata generation (wmill generate-metadata), script execution (wmill script preview,wmill script run), and workspace synchronization (wmill sync push). These are official platform commands used for their intended purpose within the Windmill development workflow. - [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of TypeScript/Bun code using
wmill script preview. This is a core feature of the platform designed to allow developers to test scripts locally before deployment. The instructions emphasize that this executes code and should be done when testing is intended. - [DATA_EXFILTRATION]: While the skill interacts with sensitive data via resources (e.g.,
RT.Stripe,wmill.getResource) and S3 storage (wmill.loadS3File), these operations are performed through the officialwindmill-clientSDK. These interactions are standard for the platform's functionality and do not exhibit exfiltration patterns to unauthorized domains. - [INDIRECT_PROMPT_INJECTION]: The skill describes processing external data (e.g., webhook events in preprocessor scripts).
- Ingestion points: Event bodies and headers are ingested in
preprocessorfunctions. - Boundary markers: None explicitly defined in the provided code templates.
- Capability inventory: The agent can execute scripts and system commands via the
wmillCLI. - Sanitization: Standard TypeScript typing is used, but the skill does not explicitly detail sanitization of the input data. However, as this is a developer-centric coding tool, this surface is considered a standard functional risk rather than a malicious injection.
Audit Metadata