bun-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill uses a highly dangerous pattern for executing remote scripts.
- Evidence: The automated scan detected
curl -fsSL https://bun.sh/install | bash. - Risk: Piped remote execution (
curl|bash) allows a remote server to execute any command on the host system. If the source (bun.sh) or the connection is compromised, an attacker can gain full control over the environment. Furthermore,bun.shis not included in the predefined list of trusted external sources, maintaining the highest severity level.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata