bun-first
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override agent behavior. The language is purely instructional for development workflows.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or network exfiltration patterns detected.
- [Unverifiable Dependencies & RCE] (SAFE): The skill mentions package management commands (bun install, bun add) as a practice but does not provide specific external packages to install or remote scripts to execute.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph-based evasion techniques were found in the file.
- [Indirect Prompt Injection] (SAFE): This skill defines coding standards and does not ingest or process untrusted external data, posing no risk of data-driven instruction injection.
Audit Metadata