bun-package-manager
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill enables full Bash tool usage for executing scripts defined in package.json (e.g., bun run). A malicious project can use these scripts to perform indirect prompt injection, tricking the agent into executing destructive host commands.
- [REMOTE_CODE_EXECUTION] (HIGH): Supports downloading and running untrusted external code via 'bun add' and 'bun run'. This allows for the execution of arbitrary code from remote sources without prior verification or sandboxing.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Specifically provides patterns for downloading from arbitrary Git repositories (e.g., git@github.com:user/repo.git), increasing the risk of pulling in malicious dependencies not vetted by standard registries.
- [CREDENTIALS_UNSAFE] (MEDIUM): Includes instructions for configuring plain-text authentication tokens via shell commands (bun config set _authToken), which poses a risk of credential exposure in shell history, process logs, or agent memory.
Recommendations
- AI detected serious security threats