bunjang-search
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on
npx --yes bunjang-clifor its core functionality. This command automatically fetches the bunjang-cli package from the NPM registry during execution if it is not cached, introducing external code into the environment. - [REMOTE_CODE_EXECUTION]: By using
npx --yes, the skill executes code from a remote, unverified repository (pinion05/bunjangcli) without prior auditing or a version pin, which could lead to the execution of malicious logic if the package is compromised or updated. - [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands for searching, authentication, and data manipulation. The inclusion of interactive login flows (auth login) requires careful handling of user sessions.
- [PROMPT_INJECTION]: The skill processes data from the Bunjang marketplace (e.g., item descriptions, titles), which represents an indirect prompt injection surface. * Ingestion points: Search summaries and detailed item information retrieved from the Bunjang API. * Boundary markers: Absent. No delimiters or instructions are used to separate untrusted marketplace data from the agent's core instructions. * Capability inventory: The skill allows shell command execution via
npxand filesystem writes through the--outputflag. * Sanitization: There is no explicit sanitization or validation of the retrieved marketplace content.
Audit Metadata