bun-install

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted data from a package.json file to drive tool execution.
      • Ingestion points: The skill uses Bash to locate and read package.json and lock files from the working directory.
      • Boundary markers: No delimiters or isolation instructions are provided to prevent the agent from being influenced by instructions or malicious scripts embedded in the package file.
      • Capability inventory: The skill uses the Bash tool to execute bun install and bun run prepare, providing a high-privilege execution environment for untrusted data.
      • Sanitization: There is no validation or sanitization of the scripts defined in the package file before execution.
  • [Command Execution] (MEDIUM): The skill explicitly executes bun run prepare. This allows for the execution of arbitrary shell commands defined in the project's lifecycle hooks, which can be easily abused by an attacker.
  • [External Downloads] (MEDIUM): The skill performs bulk installation of external packages. While the package manager is standard, the specific dependencies are controlled by the untrusted input file, which may contain malicious code or typosquatted packages.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:19 PM