bun-outdated
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill presents a high-severity indirect prompt injection surface. It ingests data from external registries (via 'bun outdated') and possesses high-privilege execution capabilities ('bun update').
  - Ingestion points: Output of 'bun outdated' (npm registry data).
  - Boundary markers: Absent.
  - Capability inventory: Bash tool usage for package updates and installation.
  - Sanitization: None.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'bun update' command downloads and executes third-party code from the npm registry. While this is a standard developer workflow, it constitutes unverified remote code execution when performed by an autonomous agent.
- [COMMAND_EXECUTION] (MEDIUM): The skill allows for a 'package' argument that is interpolated into a shell command ('bun update '). There are no instructions or mechanisms provided to sanitize this input, creating a potential vector for shell command injection.
Recommendations
- AI detected serious security threats