embedding-tauri-sidecars
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This is an instructional skill/document that correctly documents how to embed and execute trusted sidecar binaries in Tauri apps. There is no evidence of obfuscated or malicious code in the provided text. The main security risk is inherent to the capability: executing bundled binaries can lead to arbitrary code execution on users' machines if those binaries are untrusted or if argument/permission policies are too permissive. The documentation does note mitigations (capabilities, argument validators), but developers must follow those recommendations and avoid allowing arbitrary args or bundling unvetted binaries.

LLM verification: This is benign documentation explaining how to embed and run sidecars in Tauri. There is no direct malicious code in the provided file. However, the capability it documents (executing embedded native binaries) is high-risk by design: if sidecar binaries are malicious or the build pipeline is compromised, attackers gain native code execution. Practical concerns found: inconsistent examples that could lead to misconfiguration, unpinned frontend dependency (supply-chain risk), lack of explicit inpu
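The mitigation the audit keeps pointing at (a Tauri v2 capability that scopes the sidecar and validates each argument) in concrete form. This is an added example, not code from the audited skill or from Tauri's documentation; the capability identifier, the binary name `binaries/worker` and the argument shapes are hypothetical, and the file is written as JSON5 so the permissive setting can be shown commented out beside the constrained one.

```json5
// src-tauri/capabilities/sidecar.json5 (added example; identifier, binary
// name and argument shapes are hypothetical)
{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "sidecar-exec",
  "description": "Let the main window run the bundled worker sidecar with constrained arguments",
  "windows": ["main"],
  "permissions": [
    {
      "identifier": "shell:allow-execute",
      "allow": [
        {
          // Must match an entry under bundle.externalBin in tauri.conf.json;
          // the on-disk file additionally carries the target-triple suffix.
          "name": "binaries/worker",
          "sidecar": true,

          // Permissive form the audit warns against: "args": true lets the
          // webview pass anything, so a frontend XSS becomes native code
          // execution with whatever the sidecar's CLI can be talked into.
          // "args": true,

          // Constrained form: fixed positional tokens plus regex-validated
          // values. Anything that does not match, positionally and by
          // pattern, is rejected by the shell scope before spawning.
          "args": [
            "scan",
            "--port",
            { "validator": "^\\d{1,5}$" },
            "--mode",
            { "validator": "^(fast|full)$" }
          ]
        }
      ]
    }
  ]
}
```

With this capability attached to the `main` window, the frontend call `Command.sidecar("binaries/worker", ["scan", "--port", "8080", "--mode", "full"])` from `@tauri-apps/plugin-shell` is allowed, while a different token count, a non-numeric port or an unexpected mode value fails the scope check rather than reaching the binary. The audit's other two practical concerns are handled outside this file: pin `@tauri-apps/plugin-shell` (and the Rust `tauri-plugin-shell` crate) to exact versions with a committed lockfile, and build or verify the sidecar binary's checksum in CI rather than downloading it at install time.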