Bun Nuxt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): Vulnerability surface detected in the file access template.
  - Ingestion point: The 'name' parameter in 'server/api/files/[name].ts' is retrieved directly from the route via 'getRouterParam'.
  - Boundary markers: No delimiters or validation logic exist to restrict the input to the intended directory.
  - Capability inventory: The 'Bun.file().text()' method is used to read and return file contents to the requester.
  - Sanitization: The input is not sanitized, allowing path traversal attacks (e.g., using '..' to access files outside the intended directory).
Audit Metadata