bun-debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill provides a high-risk surface for indirect prompt injection by executing the contents of user-provided files. 1. Ingestion points: argument in SKILL.md. 2. Boundary markers: None (no instructions to ignore embedded code/prompts). 3. Capability inventory: Bash tool and Bun runtime execution. 4. Sanitization: None identified.
- [Command Execution] (HIGH): The skill uses the Bash tool to execute shell commands. It uses variables like $FILE, $PORT, and $PATTERN without validation, which can lead to arbitrary command execution if an attacker can manipulate these inputs via the agent context.
- [Dynamic Execution] (MEDIUM): The skill uses 'bun --inspect' to compile and execute TypeScript/JavaScript at runtime, which is a powerful capability that should be restricted to trusted local files.
Recommendations
- AI detected serious security threats
Audit Metadata