onboarding
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Downloads and executes the Bun installation script from its official domain (bun.sh).
- [DATA_EXFILTRATION]: Accesses and processes sensitive user conversation history located in the
~/.claude/projects/directory to extract behavioral patterns and work context. - [COMMAND_EXECUTION]: Modifies the
~/.claude/settings.jsonconfiguration file to automatically grant broad permissions for specific file paths and tools, reducing user oversight for future operations. - [COMMAND_EXECUTION]: Utilizes a scheduling tool to establish persistent background tasks (cron jobs) for maintenance and automated reasoning.
- [PROMPT_INJECTION]: Analyzes external content from user-supplied URLs and social profiles, creating a surface for indirect prompt injection. Ingestion points: Web fetching and social profile analysis in Phase 3. Boundary markers: None present. Capability inventory: Shell command execution, configuration file modification, and task scheduling. Sanitization: No sanitization of the fetched external content is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata