electrobun
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the instructions or provided code patterns.
- [EXTERNAL_DOWNLOADS]: The skill mentions cloning the repository from a public GitHub source and downloading framework-related assets, which are standard developer activities for installation.
- [COMMAND_EXECUTION]: Provides implementation patterns for using Bun.spawn() to execute local Python strategy scripts. This is documented as a core feature of the trading platform architecture and includes appropriate context for process isolation.
- [DATA_EXFILTRATION]: Documents integration with legitimate financial broker APIs (e.g., Zerodha Kite) via HTTPS and WebSockets for market data and order management. No unauthorized or suspicious exfiltration patterns were identified.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by teaching users how to implement encryption at rest (AES-256-GCM) and macOS Keychain integration for managing sensitive API keys and secrets, rather than using hardcoded credentials.