write-script-graphql
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'wmill' command-line interface to perform actions such as
wmill script preview,wmill script run, andwmill sync push. These commands enable the agent to execute code locally or interact with a remote workspace. - [EXTERNAL_DOWNLOADS]: The
wmill generate-metadatacommand re-resolves dependencies, which may result in downloading or updating external packages. The skill explicitly mentions that this behavior is expected and can bump unpinned versions during the resolution process. - [REMOTE_CODE_EXECUTION]: The agent is directed to write code (specifically GraphQL queries or script logic) and subsequently execute it using the
wmill script previewcommand. This involves the dynamic execution of generated content as part of the tool's core functionality for testing and validation. - [DATA_EXFILTRATION]: The skill includes functionality to push local code changes to a remote workspace using
wmill sync push. This is a standard deployment feature for the Windmill platform and is managed via the vendor's official CLI tool.
Audit Metadata