Skills
AGENT LAB: SKILLS
skills/lammesen/skills/bun-expert/Gen Agent Trust Hub

bun-expert

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): Confirmed detection of piped remote execution via curl -fsSL https://bun.sh/install | bash. This executes unverified code from an external domain that is not on the trusted sources list.
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads and executes scripts from bun.sh. Since this domain is not a verified trusted source (e.g., official GitHub organizations like Google or Microsoft), the integrity of the downloaded content cannot be guaranteed.
  • PROMPT_INJECTION (LOW): scripts/lint-check.sh is vulnerable to indirect prompt injection (Category 8).
  • Ingestion points: The script reads raw tool input from stdin via input=$(cat) and parses it with jq to extract file_path.
  • Boundary markers: None. There are no delimiters or instructions to ignore embedded commands in the processed data.
  • Capability inventory: The script executes biome, eslint, and prettier on the provided file path.
  • Sanitization: While it uses jq -r and shell quoting, it lacks validation to prevent path traversal or ensure the target file is within an expected directory.
  • COMMAND_EXECUTION (LOW): scripts/test-runner.sh executes bun test, which runs code defined in the project's test files. This is a standard but high-privilege capability that could be exploited by malicious project files.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:00 PM