bun
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill explicitly includes the pattern 'curl -fsSL https://bun.sh/install | bash' for installation. Piped shell execution from an untrusted web source is a critical security risk that allows for arbitrary code execution on the user's system without prior inspection.
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: The skill audits current project state by reading local files such as package.json and lockfiles.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present.
  3. Capability inventory: The skill has the power to delete files (rm -rf), modify the repository (git checkout/commit), and execute arbitrary project scripts (bun install/test/run).
  4. Sanitization: No validation is performed on the data read from the project.

  Malicious instructions inside a repository's metadata could hijack the agent's logic during the audit or migration phase.
- [External Downloads] (MEDIUM): The skill downloads the Bun binary from bun.sh, which is not included in the pre-approved list of trusted external sources.
- [Command Execution] (MEDIUM): The skill executes potentially destructive commands like 'rm -rf node_modules' and runs package manager commands that can execute arbitrary lifecycle scripts (postinstall) from the project being migrated.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
- AI detected serious security threats