bun-elysia
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill documents an attack surface consisting of multiple HTTP and WebSocket ingestion points but mitigates the risk through strict schema enforcement.
  - Ingestion points: Request body, query strings, path parameters, and WebSocket messages defined across `SKILL.md`, `core.md`, and `websocket.md`.
  - Boundary markers: The skill consistently utilizes the Elysia `t` (TypeBox) utility to define structured data schemas, ensuring untrusted input is validated before being processed by the application logic.
  - Capability inventory: Handlers include capabilities for database querying via `bun:sql` and static file serving via `@elysiajs/static`.
  - Sanitization: Schemas enforce data types, lengths, and formats (e.g., `format: 'email'`), and the `onError` hook in `validation.md` demonstrates how to handle validation failures securely.
- [EXTERNAL_DOWNLOADS] (SAFE): Installation steps refer only to standard, well-known packages from the npm registry using the `bun add` command.
- [CREDENTIALS_UNSAFE] (SAFE): Code samples correctly demonstrate using environment variables (`process.env.JWT_SECRET`) for secrets, preventing the exposure of hardcoded credentials.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata