bun
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The automated scan detected a command that downloads a shell script from 'https://bun.sh/install' and pipes it directly into the bash shell ('curl -fsSL https://bun.sh/install | bash'). This specific pattern allows for the unverified execution of arbitrary remote code. According to the analysis skill guidelines, piped remote execution (curl|bash) from any source not explicitly listed in the 'Trusted External Sources' is a CRITICAL finding.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata