electrobun-rpc-patterns

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The executeCommand RPC handler in src/bun/main.ts calls Bun.spawn([cmd, ...args]) with the command and arguments passed directly from the webview over the RPC interface, enabling arbitrary command execution.
  • [REMOTE_CODE_EXECUTION]: Exposing process-spawning primitives to the webview process gives a direct mechanism for remote code execution on the host system.
  • [DATA_EXFILTRATION]: The listFiles and saveFile implementations allow the webview to list any directory and write to any file path on the system, which can be used to access or modify sensitive data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 2, 2026, 04:21 AM