windmill
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration files and container images from the official Windmill Labs GitHub repository and container registry (ghcr.io/windmill-labs/windmill).
- [COMMAND_EXECUTION]: Includes standard Docker and Docker Compose commands for self-hosting the application.
- [DATA_EXFILTRATION]: Code examples use placeholders for sensitive parameters like API keys and database URLs (e.g., api_key, db_url) which are intended for local processing within the self-hosted environment.
- [PROMPT_INJECTION]: The skill describes a platform for processing data from external sources. Ingestion points include API responses and database query results. Capability inventory includes the execution of TypeScript, Python, Go, and Bash scripts. While code snippets do not feature explicit boundary markers, the guidelines suggest human-in-the-loop approval steps for sensitive operations.
Audit Metadata