bunny-net
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with official Bunny.net API and storage endpoints (api.bunny.net, storage.bunnycdn.com) for content delivery and management. These interactions target a well-known service and are consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The Python service templates interpolate variables such as remote_path and local_path into file system operations and API requests, representing a potential indirect prompt injection surface. Evidence: 1. Ingestion points: remote_path and local_path variables in SKILL.md. 2. Boundary markers: No delimiters or ignore instructions are present. 3. Capability inventory: File read access (open()) and network operations (PUT, DELETE, GET, POST). 4. Sanitization: The templates do not include path sanitization or input validation.
Audit Metadata