bun-usage
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Remote Code Execution (HIGH): The skill instructs the agent to install the Bun runtime using 'curl -fsSL https://bun.sh/install | bash' in SKILL.md and references/setup-and-best-practices.md. Piped remote execution is a high-risk pattern that executes unverified code with shell privileges. Although this is a primary function of the skill, the source domain (bun.sh) is not on the pre-approved trusted list.
- Command Execution (MEDIUM): The skill frequently executes 'bun run', 'bun install', and 'bun build' commands. These operations execute arbitrary logic defined in local configuration files (e.g., package.json scripts) which can be manipulated by an attacker.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from project files to determine its execution flow, creating a vulnerability surface.
- Ingestion points: The skill reads 'package.json', 'bunfig.toml', and source files to discover scripts and workspace configurations.
- Boundary markers: Absent. There are no instructions for the agent to ignore or sanitize instructions embedded within the processed project files.
- Capability inventory: The skill can execute shell commands, install dependencies, and download/execute remote scripts.
- Sanitization: Absent. Script names and paths from project files are passed directly to the Bun CLI without validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata