The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The automated scan confirmed a detection of a piped remote execution pattern: curl -fsSL https://bun.sh/install | bash.
Evidence: Found in the automated security alerts section referencing the installation of the Bun runtime.
Reasoning: This pattern allows a remote server (bun.sh) to execute arbitrary code on the local system with the user's current privileges. Because the domain 'bun.sh' (Oven) is not on the Trusted External Sources list, this is classified as CRITICAL.
[Dynamic Execution] (HIGH): The skill provides extensive documentation for the Bun Shell ($) API which allows for arbitrary command execution.
Evidence: references/shell.md detailes the use of $ for running shell commands and capturing output.
Reasoning: While the documentation claims auto-escaping, the ability to spawn subprocesses and execute shell built-ins represents a high-risk privilege that can be exploited for system compromise.
[Data Exposure & Exfiltration] (MEDIUM): The skill documentation includes instructions for connecting to PostgreSQL, MySQL, and S3, including the use of environment variables for credentials.
Evidence: references/database.md and references/file-io.md describe connection strings and S3 client setups using S3_ACCESS_KEY_ID and DATABASE_URL.
Reasoning: These APIs facilitate the reading and writing of sensitive data. In a compromised environment, these can be utilized for exfiltration.
[Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface where untrusted data could influence high-privilege tool calls.
Ingestion points: fetch() in references/networking.md, Bun.stdin and Bun.file() in references/file-io.md.
Boundary markers: Absent in provided examples.
Capability inventory: Bun.sql, Bun.write(), and shell commands ($).
Sanitization: Documentation warns against sql.unsafe and bash -c, but the surface remains vulnerable if the agent interpolates untrusted data into these calls.

bun