Prompting
Warn
Audited by Socket on Jun 12, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core prompt/template behavior is coherent, and Bun appears to be an official tool, but the skill’s mandatory pre-action POST to an unverifiable localhost service is not proportionate to a prompt-generation skill and creates unnecessary data-flow risk. No confirmed malware or credential theft is shown, but the forced network notification and unpinned execution context raise medium security concern.
Confidence: 100%Severity: 60%
Audit Metadata