Skills
skills/windmill-labs/windmill/refine/Gen Agent Trust Hub

refine

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff main...HEAD --stat. This is a read-only local command used to determine which files were modified during the session.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the repository's documentation and skill files to generate updates.\n
  • Ingestion points: SKILL.md (reads docs/validation.md, docs/enterprise.md, docs/autonomous-mode.md, and other invoked skills).\n
  • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between documentation content and potential instructions.\n
  • Capability inventory: Executing git diff (read-only) and writing/editing files in the docs/ directory.\n
  • Sanitization: No sanitization or validation of the ingested content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 12:10 PM