bun
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate guidance and documentation for the Bun runtime. No malicious instructions, obfuscation, or data exfiltration attempts were identified.
- [COMMAND_EXECUTION]: The documentation includes instructions for using
Bun.spawn()and the$tagged template literal for shell command execution. These are standard features of the Bun runtime for managing child processes and are presented as efficient alternatives to Node.js's child_process. - [EXTERNAL_DOWNLOADS]: The skill mentions
bunxfor executing packages from the npm registry, which is a standard package management feature similar tonpx.
Audit Metadata