andocs
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill provides instructions to install the Bun runtime via a remote script from its official site using a shell pipe. It also uses bunx to execute the andocs package directly from a remote registry.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided documentation, including diagrams and HTML snippets, which could contain instructions for the agent.
  - Ingestion points: User documentation directories (e.g., docs/, content/) and Markdown files.
  - Boundary markers: Fenced code blocks with language tags like mermaid and html-preview are used to delimit external content.
  - Capability inventory: The skill can execute local shell commands through the Bun runtime and start a local web server, as documented in SKILL.md.
  - Sanitization: The skill documentation states that interactive previews and prototypes are rendered within sandboxed iframes to mitigate risks.
Recommendations
- HIGH: Downloads and executes remote code from https://bun.sh/install. DO NOT USE without thorough review.
Audit Metadata