Skills
skills/dexploarer/plugin-electrobun-dev/electrobun-build/Gen Agent Trust Hub

electrobun-build

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various system-level commands for environment setup and application bundling. These include xcode-select --install, brew install, apt-get install, and macOS-specific security and xcrun tools for certificate management and notarization.
  • [EXTERNAL_DOWNLOADS]: Fetches required build tools and libraries from well-known official sources, including Homebrew for macOS and APT repositories for Ubuntu Linux, to satisfy toolchain prerequisites.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
  • Ingestion points: The agent processes project-specific files such as electrobun.config.ts and source files in src/ (e.g., src/bun/index.ts) to determine build parameters.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded within these project files.
  • Capability inventory: The skill utilizes shell execution for package management (apt-get, brew), keychain manipulation (security), and app signing/notarization (xcrun, notarytool).
  • Sanitization: There is no evidence of input validation or sanitization for values extracted from project configurations before they are used in command-line operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 02:51 AM
Security Audit — agent-trust-hub — electrobun-build