bun
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill references official documentation at bun.com. These are well-known resources for the software being described.
- [COMMAND_EXECUTION]: The skill provides a reference for standard Bun CLI commands (e.g.,
bun run,bun install,bun test). These commands are typical for JavaScript development workflows. - [EXTERNAL_DOWNLOADS]: The skill describes standard package management operations which fetch dependencies from official registries. This is expected behavior for a developer tool skill.
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill instructions guide the agent to run and test user-provided code. However, the skill includes a security note regarding lifecycle scripts and recommends using
trustedDependenciesfor safer execution.
Audit Metadata