bun-development

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICAL REMOTE_CODE_EXECUTION COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill performs piped shell execution of a remote script from 'https://bun.sh/install' using the 'curl | bash' pattern. This is a critical vulnerability because the script source is not on the trusted list and the method bypasses safety checks.
  • Command Execution (HIGH): The skill uses direct shell execution through a pipe, which is an unsafe practice for executing code in an agent environment.
  • Evidence: 2 instances of 'curl -fsSL https://bun.sh/install | bash' detected.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 09:04 PM