bun-cli
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference guide for the Bun runtime and CLI tool. A thorough analysis across all threat categories shows no evidence of malicious activity.
- [PROMPT_INJECTION]: No instructions were found that attempt to override AI safety guidelines or bypass system prompts. The content is purely instructional regarding the Bun CLI.
- [DATA_EXFILTRATION]: There are no hardcoded credentials, sensitive file path accesses, or suspicious network operations. While it mentions
.envfile loading, this is standard functionality for the described tool and no exfiltration patterns are present. - [REMOTE_CODE_EXECUTION]: The skill describes standard package management commands (e.g.,
bun install,bun add,bunx). It explicitly mentions Bun'strustedDependenciesfeature, which is a security mechanism designed to prevent unauthorized execution of lifecycle scripts from third-party packages. - [COMMAND_EXECUTION]: The skill lists various CLI commands for the Bun runtime. These are documented for the user's reference in a development context and do not include unauthorized or hidden command execution.
- [OBFUSCATION]: All files are written in clear Markdown. No Base64 encoding, zero-width characters, or homoglyph attacks were detected.
- [DYNAMIC_EXECUTION]: The skill documents Bun's ability to run TypeScript/JavaScript directly and compile standalone executables. These are core features of the tool and are presented as technical documentation rather than malicious execution vectors.
Audit Metadata