Bun Hot Reloading
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [NO_CODE] (SAFE): This skill contains only documentation and example code for local development; no executable scripts are shipped with the skill itself.
- [DATA_EXFILTRATION] (SAFE): Investigation of the automated scanner alert for 'clients.de' confirms it is a false positive triggered by the syntax 'clients.delete(ws)'. No network requests to the domain 'clients.de' are present.
- [DYNAMIC_EXECUTION] (SAFE): The skill demonstrates the use of dynamic imports (import()) for cache-busting during hot reloads. While Category 10 identifies dynamic loading from computed paths as a medium risk, in the context of development tools and HMR, this is a standard and safe practice.
- [COMMAND_EXECUTION] (SAFE): All command-line examples (e.g., 'bun --watch', 'bunx vite') are standard development workflows for the Bun runtime and present no security risk.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata