skills/artivilla/agents-config/bun/Gen Agent Trust Hub

bun

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill promotes the use of Bun.$ for executing shell commands as a preferred alternative to other Node.js libraries. This provides the agent with a powerful mechanism for system-level execution. If an agent interpolates untrusted data (such as filenames, user-provided scripts, or web-scraped strings) into these shell commands without rigorous sanitization, it creates a direct path for command injection attacks.
  • [DATA_EXFILTRATION] (MEDIUM): The skill highlights Bun.file() for file system operations and several network-capable APIs including Bun.serve(), Bun.sql (Postgres), and Bun.redis. These APIs provide the necessary functionality to read sensitive local files and transmit their contents to remote endpoints, a risk that is heightened if the agent is manipulated via indirect injection.
  • [PROMPT_INJECTION] (HIGH): This finding identifies an Indirect Prompt Injection surface (Category 8) due to the combination of high-privilege capabilities and the processing of external content.
      • Ingestion points: The skill instructions are used for development tasks where the agent processes external files (e.g., TSX/JSX source, HTML imports, .env files) or handles API requests via Bun.serve().
      • Boundary markers: Absent. The skill contains no instructions for using delimiters or warnings to ignore embedded instructions when handling untrusted data with the recommended APIs.
      • Capability inventory: Bun.$ (shell execution), Bun.file() (file system operations), and Bun.serve() (network server functionality).
      • Sanitization: Absent. No guidance is provided for escaping or validating external content before it is interpolated into shell strings or file system paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:41 AM