bunny
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its interaction with external data sources.
  - Ingestion points: The skill reads data from storage zones, video libraries, and external origin URLs via tools like `curl` and `WebFetch` (as documented in `SKILL.md` and `references/bunny-storage-and-stream-reference.md`).
  - Boundary markers: Absent. There are no specific instructions to use delimiters or to ignore potential instructions embedded within the external data being processed.
  - Capability inventory: The skill has extensive capabilities, including writing to the file system (`curl -o`, `node:fs` calls), modifying infrastructure (DNS, CDN, and WAF configurations), and deploying code to edge scripts or containers.
  - Sanitization: No input validation or content sanitization logic is defined to inspect external data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill relies on `curl` and CLI commands for primary functionality across CDN, storage, and DNS management. This interface handles parameters (such as IDs, paths, and metadata) that could be influenced by external data or user-supplied input.
- [EXTERNAL_DOWNLOADS]: The skill references several external packages and tools from trusted organizations and well-known service providers.
  - Fetches GitHub Actions from `BunnyWay/actions/deploy` (the official Bunny.net organization).
  - References software development kits (SDKs) such as `@anthropics/bunny-storage-sdk` from a trusted organization, and `@libsql/client` for database connectivity.
  - Uses the `BunnyWay/bunny` Terraform provider for infrastructure as code.
Audit Metadata