bun
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Skill provides instructions to download and execute the official Bun installation script from bun.sh, which is recognized as a well-known service.
- [COMMAND_EXECUTION]: Skill requests authority to execute shell commands via bun and bunx CLI tools.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface, as it processes and executes scripts from external sources.
  1. Ingestion points: reads package.json and uses templates via bun create.
  2. Boundary markers: none defined to protect against malicious instructions in external data.
  3. Capability inventory: commands executed via Bash(bun:) and Bash(bunx:).
  4. Sanitization: no sanitization or validation of the ingested external content is performed.
Recommendations
- HIGH: Downloads and executes remote code from https://bun.sh/install. DO NOT USE without thorough review.
Audit Metadata