bun-add
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs packages from external registries using 'bun add'. This action can trigger automatic execution of malicious scripts contained within a package's installation lifecycle hooks (e.g., postinstall).
- COMMAND_EXECUTION (MEDIUM): User-provided package names are interpolated directly into a bash command string. This creates a vulnerability where a malicious package name (e.g., containing shell metacharacters like ';') could lead to arbitrary command execution.
- PROMPT_INJECTION (LOW): Evidence Chain for Indirect Prompt Injection: 1. Ingestion points: The $PACKAGE variable used in the bash command. 2. Boundary markers: No delimiters or ignore-instructions markers are used. 3. Capability inventory: The skill has access to the Bash tool to run commands. 4. Sanitization: There is no sanitization or input validation logic present in the skill definition.
Audit Metadata