Skills
skills/daleseo/bun-skills/bun-deploy/Gen Agent Trust Hub

bun-deploy

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): File 'references/dockerfile-templates.md' contains the pattern 'curl -fsSL https://bun.sh/install | bash' for Serverless/Lambda deployments. Executing remote scripts from non-whitelisted domains during image builds is a high-risk activity.
  • COMMAND_EXECUTION (HIGH): File 'references/multi-platform.md' instructs the user to execute 'docker run --privileged' to set up binfmt. The '--privileged' flag grants the container root capabilities on the host system, posing a significant privilege escalation risk.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. * Ingestion points: 'package.json' and 'bun.lockb' (referenced in 'SKILL.md'). * Boundary markers: Absent. * Capability inventory: 'Bash' (subprocess calls for Docker and Bun), 'Write' (generates configuration files), 'Read'. * Sanitization: Absent; the skill interpolates project metadata directly into generated deployment artifacts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:06 PM