bun
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill provides legitimate documentation and usage patterns for the Bun runtime.
- Command Execution (SAFE): The skill references
Bun.$for shell command execution. As this is the primary purpose of a runtime development tool, it is considered safe in this context. - Indirect Prompt Injection (SAFE): The skill demonstrates handling web requests via
Bun.serve(). While this represents an ingestion point for external data, the examples provided are standard and do not include malicious patterns. Implementation of these patterns should include standard input sanitization. (Evidence: Ingestion point inBun.serveroutes in SKILL.md; Capabilities inBun.$andBun.filein SKILL.md).
Audit Metadata