bun-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • Remote Code Execution (CRITICAL): The automated scan detected the command curl -fsSL https://bun.sh/install | bash. Piping a remote script directly to a shell allows the external server to execute arbitrary commands on the system. Per the [TRUST-SCOPE-RULE], bun.sh is not a listed trusted source, and thus the execution of unverified remote code remains CRITICAL.
  • External Downloads (HIGH): The skill downloads executable content from an external domain without verification or sandboxing.
  • Command Execution (HIGH): The script executes shell commands to modify the environment via the installation of the Bun runtime, which could lead to unauthorized system changes if the source is compromised.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 04:54 AM