bun-dev
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The 'File Serving' pattern in references/server-patterns.md demonstrates a path traversal vulnerability. It constructs a file path by directly concatenating a base directory string with the unsanitized url.pathname from a request (e.g., ./public${url.pathname}). An attacker can use directory traversal sequences like .. to access sensitive files outside of the intended directory.
- [COMMAND_EXECUTION] (LOW): The skill contains multiple templates for starting network services and handling process-level signals using Bun.serve and process.on. While these are standard development patterns, they define the agent's capability to manage network-facing processes and local system resources.
Recommendations
- AI detected serious security threats
Audit Metadata