bun-monorepo-vite-elysia-spa
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill identifies 'ahmed-lotfy-dev/elysia-core-backend' as its primary source of truth for backend wiring. This is a personal GitHub repository not belonging to a trusted organization. Use of unvetted external code for security implementations like Better Auth, CSRF, and security headers introduces supply chain risk.
- COMMAND_EXECUTION (LOW): Uses 'bun create' and 'bun install'. While these are standard tools, they execute remote code from registries.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a high capability surface (writing files and executing shell commands) and follows external patterns without explicit boundary markers. Evidence Chain: 1. Ingestion points: External patterns from the 'ahmed-lotfy-dev' repository. 2. Boundary markers: Absent. 3. Capability inventory: 'bun create', 'bun install', and file-writing. 4. Sanitization: Absent.
Audit Metadata