The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (LOW): The documentation recommends initializing projects using bunx create-tui@latest and installing libraries via bun install. These commands download and execute code from the npm registry under the anomalyco organization, which is not verified as a trusted source. Although standard for the framework's use case, this pattern involves executing unvetted remote code.
Dynamic Execution (LOW): The skill documentation includes examples of using the Bun.$ API for shell command execution and Bun.build for runtime compilation of native Zig code. These are powerful capabilities intended for TUI development that provide a vector for arbitrary command execution if not restricted.
Indirect Prompt Injection (LOW): The framework's input components and data-fetching patterns create a surface for indirect prompt injection if an agent processes untrusted data without sanitization.
Ingestion points: File references/components/inputs.md (input and textarea components) and references/react/patterns.md (API fetch examples).
Boundary markers: Absent; the documentation does not provide instructions for using delimiters or warnings to ignore embedded instructions in processed data.
Capability inventory: File references/core/gotchas.md identifies capabilities such as Bun.$ (shell) and Bun.file (filesystem access).
Sanitization: Absent; no escaping or validation logic is demonstrated for handling external input.

opentui