bun-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill performs remote script execution using the 'curl | bash' pattern. Evidence: 'curl -fsSL https://bun.sh/install | bash'. This allows an external source to execute arbitrary code on the system. Although bun.sh is a popular developer tool, it does not fall under the 'Trusted External Sources' defined in the security policy, making this a critical finding.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
- AI detected serious security threats
Audit Metadata