fix-bun
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes shell commands such as `rm`, `sed`, and `bun install` to automate migration. These are standard operations for the tool's purpose but involve the risk associated with script execution and file modification.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted content from `package.json` and CI workflows, which could theoretically contain malicious instructions designed to influence the agent.
  - Ingestion points: `package.json`, `.github/workflows/*.yml`, and output from the `/check-bun` command.
  - Boundary markers: None present; the skill lacks delimiters or 'ignore' instructions for embedded content.
  - Capability inventory: File system removal (`rm`), line-based editing (`sed`), and package installation/execution (`bun install`, `bun test`).
  - Sanitization: No explicit sanitization or input validation is performed on ingested data.
- EXTERNAL_DOWNLOADS (LOW): The skill references the `oven-sh/setup-bun` GitHub Action. This is a third-party dependency from an external source not included in the trusted organizations list.
Audit Metadata