deno-to-bun
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface.
  - Ingestion points: The skill reads `deno.json`, `deno.jsonc`, and recursively greps through the entire project directory (grep -r "deno run" .) as seen in SKILL.md Steps 1 and 2.
  - Boundary markers: Absent. No instructions are provided to the agent to distinguish project code/data from its own internal instructions.
  - Capability inventory: High-risk tools `Bash` (shell execution), `Write` (file system modification), and `Read` are enabled.
  - Sanitization: Absent. The agent is directed to process and act upon the contents of project files without any validation or filtering.
  - Risk: A malicious project could contain files with instructions that trick the agent into performing destructive actions or exfiltrating data using its broad toolset.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Dependency-based RCE.
  - Step 9 in `SKILL.md` instructs the agent to run `bun install`.
  - This executes code from the npm registry based on `package.json` contents generated from the untrusted project source files, enabling execution of malicious post-install scripts.
- [COMMAND_EXECUTION] (LOW): Tool Access Risk.
  - The skill requires `Bash`, `Write`, and `Read` permissions. While legitimate for a migration tool, this expansive access maximizes the potential damage of any prompt injection attack.
Recommendations
- AI detected serious security threats