workers-dev-experience
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill uses a piped shell script for installation (
curl -fsSL https://bun.sh/install | bash). This is a high-risk pattern that executes unverified remote code directly in the shell. Although Bun is a reputable tool, its source domain is not listed in the trusted whitelist, maintaining its high severity. - COMMAND_EXECUTION (MEDIUM): The skill relies on executing various CLI tools (
bunx,wrangler,tsc) which have broad permissions to modify the local environment and interact with the network. - EXTERNAL_DOWNLOADS (LOW): Multiple dependencies are downloaded from external registries (NPM via Bun). While these are standard for Cloudflare development, they represent an external dependency chain.
- PROMPT_INJECTION (LOW): Debugging tools in
references/debugging-tools.mdlog untrusted data from incoming HTTP requests (request.headers,request.cf) without sanitization, establishing a surface for indirect prompt injection or log poisoning. Evidence: 1. Ingestion points:request.headers,request.cfinreferences/debugging-tools.md. 2. Boundary markers: Absent. 3. Capability inventory:fetch(network),console.log(stdout). 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata