bun-validator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scans identified the high-risk pattern `curl -fsSL https://bun.sh/install | bash`. This pattern allows an external server to execute arbitrary commands on the host machine, bypassing security checks.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads the Bun runtime from `bun.sh`, which is not an approved trusted source according to the [TRUST-SCOPE-RULE]. This presents a supply chain risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill invokes a local script (`scripts/validate.py`) and interacts with the shell to run `bun` commands. Since the source code for the validator is not provided, the safety of the command construction cannot be verified.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Reads and parses `package.json` and other monorepo configuration files from the local filesystem (referenced in `SKILL.md`).
  - Boundary markers: No delimiters or 'ignore' instructions are used.
  - Capability inventory: The agent executes the `validate.py` script and various CLI commands based on the validation results.
  - Sanitization: No evidence of sanitization or validation of input data fields is present, allowing a malicious project file to potentially compromise the agent's reasoning.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
- AI detected serious security threats
Audit Metadata