winapp-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill installs the @microsoft/winappcli tool from Trusted External Sources (NPM, WinGet, GitHub).
- COMMAND_EXECUTION (SAFE): Commands provided for app initialization and MSIX packaging are standard for Windows development and do not show malicious intent.
- PROMPT_INJECTION (SAFE): An indirect prompt injection surface is present because the tool processes project files and manifests. This risk is minimized as the tool is from a trusted source and the surface is necessary for its function. Evidence Chain: * Ingestion points: AppxManifest.xml and project directories. * Boundary markers: Not explicitly defined in the skill documentation. * Capability inventory: Executes CLI commands for package creation and certificate installation. * Sanitization: Relies on validation performed by the underlying Microsoft winapp tool.
- NO_CODE (SAFE): This skill is composed of instructions and markdown only, with no accompanying scripts or executables.
Audit Metadata