bun
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of reference documentation for the Bun runtime. It details system-level capabilities that are expected and necessary for a programming language runtime, such as file system access and networking.
- [COMMAND_EXECUTION]: Describes the Bun Shell and process spawning APIs (Bun.$ and Bun.spawn). The documentation includes security considerations regarding shell injection and the use of auto-escaping.
- [EXTERNAL_DOWNLOADS]: Documents features that fetch external content, such as the bun install package manager and bun create template system, which use established registries like npm and GitHub.
- [REMOTE_CODE_EXECUTION]: Provides instructions for the Foreign Function Interface (bun:ffi) and the built-in C compiler (cc), allowing the execution of native or compiled code as part of legitimate application development.
- [DATA_EXFILTRATION]: Outlines standard APIs for outbound network connections, including fetch, Redis, and S3 storage, which are tools for data management rather than unauthorized exfiltration.
Audit Metadata