Bun Shell
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill's primary purpose is to teach the agent how to use Bun's shell and spawn capabilities. The examples provided are standard for build scripts, deployment workflows, and Git management. The guide explicitly highlights that Bun's shell template literal uses safe interpolation to escape variables, which is a security best practice for command execution.
- [PROMPT_INJECTION] (SAFE): There are no instructions in the markdown or code comments that attempt to bypass AI safety filters or override system prompts.
- [DATA_EXFILTRATION] (SAFE): No hardcoded secrets, API keys, or access to sensitive system paths (like ~/.ssh or ~/.aws) are present in the documentation. Network commands mentioned (like rsync) are for illustrative deployment purposes.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions package managers like npm and bun for standard developer tasks but does not contain patterns for downloading and executing untrusted remote scripts (curl | bash).
Audit Metadata