bun-test
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction override, jailbreaking, or system prompt extraction were detected in the instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local file paths or perform unauthorized network requests. It correctly demonstrates restoring environment variables and global fetch states to ensure test isolation.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other encoding techniques were used to hide malicious commands.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download or execute remote scripts. It uses standard
bun testCLI commands for its intended purpose. - [Privilege Escalation] (SAFE): No commands for acquiring administrative privileges (e.g.,
sudo,runas) were found. - [Persistence Mechanisms] (SAFE): No attempts to modify startup files, shell profiles, or scheduled tasks were identified.
- [Indirect Prompt Injection] (SAFE): The skill provides templates for test code. It does not ingest untrusted data from external sources that could lead to injection attacks.
- [Dynamic Execution] (SAFE): The use of
await import()in code examples is a standard requirement for Bun'smock.module()feature to ensure modules are loaded after mocks are initialized. This is a legitimate use within the primary purpose of the skill and poses no risk.
Audit Metadata