bun-runtime
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (INFO): The skill provides numerous examples of shell commands for project initialization, monorepo management, and testing. These are standard development operations and do not involve unauthorized execution.
- [EXTERNAL_DOWNLOADS] (LOW): The skill encourages the use of `bunx` and `bun install`, which download packages from the npm registry. While this involves remote code, it is the intended behavior of a package management tool and follows industry-standard developer workflows.
- [DYNAMIC_EXECUTION] (LOW): Includes examples using Bun's shell API (`$`) to execute shell commands from within TypeScript. This is a feature of the runtime being documented and is presented in the context of creating deployment scripts.
- [DATA_EXPOSURE] (INFO): The skill mentions committing lockfiles (`bun.lockb`) and managing `package.json` files, which is standard practice for reproducibility and does not involve the exposure of sensitive secrets or credentials.
Audit Metadata