opentui
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation frequently instructs the user or agent to run
bunx create-tui@latest, which fetches and executes a package from a remote registry. This pattern is found inSKILL.md,references/core/REFERENCE.md,references/react/REFERENCE.md, andreferences/solid/REFERENCE.md. - [REMOTE_CODE_EXECUTION]: The instructions for using
bunxto initialize projects represent a remote code execution vector as the package source (anomalyco/opentui) is not among the verified trusted organizations. - [COMMAND_EXECUTION]: The file
references/core/gotchas.mdexplicitly references theBun.$API for shell command execution (e.g.,Bun.$ls -la``). Using such APIs to process terminal commands presents a risk if the input is not strictly controlled. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: User input components such as
<input>and<textarea>defined inreferences/components/inputs.md. Boundary markers: None mentioned in the documentation. Capability inventory: Shell execution viaBun.$(referenced inreferences/core/gotchas.md) and file system operations viaBun.file(referenced inreferences/core/gotchas.md). Sanitization: No sanitization or validation strategies are provided for handling user-supplied data within the TUI components.
Audit Metadata