write-script-bunnative
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the wmill CLI to manage the development lifecycle, including local script execution (wmill script preview), running deployed workspace scripts (wmill script run), and synchronizing local changes to the server (wmill sync push). These commands are essential for the primary purpose of the skill.
- [REMOTE_CODE_EXECUTION]: Arbitrary code execution is a core feature of the skill, enabling the agent to run user-defined Bun Native scripts locally or within the Windmill workspace. The windmill-client SDK also provides methods like runScriptByPath and runFlow to programmatically trigger execution on the platform.
- [EXTERNAL_DOWNLOADS]: The wmill generate-metadata command is used to resolve script dependencies. This process may involve fetching and updating external packages from standard registries (e.g., npm) to ensure local lockfiles and metadata are synchronized with the code.
- [DATA_EXFILTRATION]: The skill's SDK provides capabilities to read from and write to external and platform-managed storage, such as S3 (loadS3File, writeS3File) and Windmill's internal resource/variable store (getResource, getVariable). These functions are intended for legitimate data processing within the Windmill ecosystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data through script parameters in main functions and event objects in preprocessor scripts. While it lacks explicit boundary markers or sanitization guidelines in the prompt itself, its operations are restricted to the intended developer workflow context.
Audit Metadata