Bun Runtime
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill package consists entirely of Markdown reference documentation for the Bun runtime. No executable scripts, binaries, or automation logic are included within the skill files.
- COMMAND_EXECUTION (SAFE): All CLI command examples provided are for educational purposes, demonstrating standard usage of the Bun runtime (e.g., watch mode, hot reloading, and environment variable loading) without malicious intent or injection vectors.
- CREDENTIALS_UNSAFE (SAFE): The documentation for private registry authentication correctly uses environment variable placeholders (e.g., $npm_token, $npm_password) rather than providing hardcoded secrets, adhering to security best practices.
- EXTERNAL_DOWNLOADS (SAFE): While the documentation describes the use of Bun's package manager and remote registries, the skill itself does not initiate any unauthorized downloads or remote code execution.
Audit Metadata