packaging-tauri-for-linux
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The snapcraft.yaml section includes a command to curl a script from sh.rustup.rs and pipe it directly to sh, which bypasses security inspection and is a known attack vector.
- [COMMAND_EXECUTION] (HIGH): The skill frequently instructs the use of sudo for package installation and system configuration (apt, snap), which poses a privilege escalation risk if automated by an agent.
- [CREDENTIALS_UNSAFE] (HIGH): The RPM signing section instructs the user to export a private.key file's contents into an environment variable, representing a sensitive data exposure pattern.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple sections (Flatpak, AUR) reference downloading artifacts from external GitHub repositories without integrity verification, often using 'SKIP' for checksums in examples.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://sh.rustup.rs - DO NOT USE
- AI detected serious security threats
Audit Metadata