skills/bjornmelin/dev-skills/bun-dev/Gen Agent Trust Hub

bun-dev

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes a synchronization feature to fetch release notes and documentation from trusted domains bun.com and vercel.com. These downloads are used to update reference snapshots for the agent's knowledge base.
  • [COMMAND_EXECUTION]: The bun-platform CLI executes shell commands via Bun.spawnSync to perform repository validation and apply configuration updates. These commands are typically used for running test suites, linters, and package installation within the development environment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it analyzes untrusted files in the audited repository.
      1. Ingestion points: Local repository files read via snapshot.readText in scripts/lib/bun-platform-core.ts.
      2. Boundary markers: Absent.
      3. Capability inventory: File writing (writeFileSync) and shell execution (Bun.spawnSync) in scripts/lib/bun-platform-core.ts.
      4. Sanitization: Absent; content is extracted via regex and presented to the agent as code snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 04:55 AM