bun-lockfile-update

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes the Bash tool to execute standard Bun CLI commands such as bun update and bun install. These operations are well-scoped to the task of dependency management.
  • [Remote Code Execution] (SAFE): No patterns for downloading and executing untrusted remote scripts (e.g., curl | bash) were found. The use of npx depcheck is a standard development practice for identifying unused dependencies.
  • [Data Exposure] (SAFE): The skill interacts only with standard project files (package.json, bun.lockb) and does not target sensitive system directories or credentials.
  • [Obfuscation] (SAFE): No evidence of encoded commands, hidden characters, or other obfuscation techniques.
  • [Indirect Prompt Injection] (SAFE): The skill interacts with external project files. Evidence Chain: 1. Ingestion points: package.json, bun.lockb; 2. Boundary markers: Absent; 3. Capability inventory: Bash, Read, Grep, Glob; 4. Sanitization: Absent. This risk is inherent to dependency management and is considered safe for this use-case.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:19 PM