calling-frontend-from-tauri-rust

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Insecure use of webview.eval() in the notify_frontend function. The code uses format!() to interpolate a string directly into a JavaScript execution context: format!("window.showNotification('{}')", message). If message contains characters like ', an attacker can break the string literal and execute arbitrary JavaScript code in the frontend (XSS/JS Injection).
  • [CREDENTIALS_UNSAFE] (LOW): The login function example contains hardcoded credentials (user == "tauri-apps" and password == "tauri"). While provided as a simplified guide example, it promotes insecure coding practices.
  • [EXTERNAL_DOWNLOADS] (LOW): The guide references the serialize-to-javascript crate in Cargo.toml. While this crate is intended to mitigate the injection issue mentioned above, the skill still presents the insecure format! method as a valid approach.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:20 PM