setting-up-tauri-projects
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Multiple instances of downloading and executing scripts directly from remote URLs using high-risk patterns. These domains (sh.rustup.rs and create.tauri.app) are not within the defined [TRUST-SCOPE-RULE] whitelist, necessitating a CRITICAL verdict.
- Evidence:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shused for Rust installation. - Evidence:
sh <(curl https://create.tauri.app/sh)used for project scaffolding. - Evidence:
irm https://create.tauri.app/ps | iexused for PowerShell execution on Windows. - [COMMAND_EXECUTION] (HIGH): The skill instructs the user or agent to use
sudofor installing system dependencies across various Linux distributions, which can lead to unauthorized privilege escalation if not strictly monitored. - Evidence:
sudo apt install,sudo pacman -S, andsudo dnf installcommands in the Linux setup section. - [REMOTE_CODE_EXECUTION] (MEDIUM): Routine but significant installation and execution of remote code via package managers without version pinning.
- Evidence:
npm create tauri-app@latestandcargo install create-tauri-app --locked. - [INFO]: The automated scanner's alert regarding
main.rsis evaluated as a false positive, as it refers to a standard Rust entry-point file path in the documentation and does not contain malicious logic in the provided context.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://sh.rustup.rs, https://create.tauri.app/sh - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata