Electrobun Init
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation facilitates a pattern where user-supplied strings (such as project names or template names) are used as arguments in shell commands like
electrobun init <project-name>. This creates a surface for indirect prompt injection or command injection if the underlying agent does not properly sanitize the input before executing the command. - Ingestion points: User-provided
<project-name>and<template-name>parameters described inSKILL.mdcommands. - Boundary markers: The skill does not provide explicit boundary markers or instructions to the agent to treat these inputs as untrusted data.
- Capability inventory: The skill instructions are built around the execution of shell-based CLI tools (
electrobun,bun). - Sanitization: There is no evidence of input validation or shell-escaping logic within the skill instructions to mitigate malicious user input.
- [COMMAND_EXECUTION]: The primary function of the skill involves directing the agent to run shell commands (
electrobun init,bun install,bun start). While these are standard development tasks for the Electrobun framework, the use of shell execution with arbitrary user parameters is a security risk factor.
Audit Metadata