tauri-scaffold

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill executes a Python script via uv run and passes user-provided arguments (app-name, display-name, bundle-id) directly into the shell command. A malicious user could provide a string like my-app\"; touch /tmp/pwned; # to escape the command context and execute arbitrary code on the system.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted user data (App details) and uses it to drive high-privilege operations including Bash commands and Write operations. Evidence: (1) Ingestion points: User input in Step 1. (2) Boundary markers: Absent. (3) Capability inventory: Bash tool usage and file system writing. (4) Sanitization: None specified in the instructions.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructions lead to the execution of pnpm install, which downloads and installs numerous third-party dependencies from the npm registry. While expected for scaffolding, it represents a standard supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:37 PM