tauri-v2
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches development utilities and configuration templates from official and trusted repositories, including the Tauri documentation site (v2.tauri.app) and the Rust toolchain installer (rustup.rs).
- [COMMAND_EXECUTION]: Provides templates for the agent to execute project management commands via pnpm, npm, and cargo. This includes a surface for indirect prompt injection where user-supplied project names or identifiers are interpolated into shell commands.
- Ingestion points: User parameters for project name, manager, and identifier collected via instructions in SKILL.md.
- Boundary markers: None present in command templates.
- Capability inventory: Shell execution for project initialization, plugin management (tauri add), and build processes.
- Sanitization: The instructions do not explicitly require the agent to sanitize or validate user-provided strings before execution.
- [REMOTE_CODE_EXECUTION]: Utilizes npx and pnpm to download and run the latest tauri-app creation tools and official plugins, which is the standard and expected behavior for the Tauri development ecosystem.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata