Bun WebSocket Server
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected.
- Obfuscation (SAFE): No encoded content or hidden characters were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on built-in Bun APIs and does not include external package installations or remote script execution.
- Privilege Escalation (SAFE): No commands for acquiring elevated permissions (e.g., sudo) were found.
- Persistence Mechanisms (SAFE): No attempts to maintain access across sessions (e.g., modifying shell profiles) were detected.
- Metadata Poisoning (SAFE): Metadata fields are descriptive and match the skill's purpose.
- Indirect Prompt Injection (SAFE): While the skill handles external data (WebSocket messages), it provides standard server-side patterns and does not expose the agent to untrusted command execution.
- Time-Delayed / Conditional Attacks (SAFE): No conditional logic gating malicious behavior was detected.
- Dynamic Execution (SAFE): No use of eval(), exec(), or other dynamic code execution patterns was found.
Audit Metadata