NYC

building-tauri-with-github-actions

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): The skill utilizes a highly dangerous pattern of piping remote web content directly into a shell interpreter (curl ... | sh). This occurs with the Rust installation script from https://sh.rustup.rs. Under the analysis framework, piped remote execution from a non-trusted source is classified as CRITICAL.
  • Remote Code Execution (CRITICAL): The skill executes a remote script from https://deb.nodesource.com/setup_lts.x by piping it directly into bash. This provides the external source with full execution privileges on the agent's environment without any validation or integrity checks.
  • External Downloads (HIGH): The skill references and downloads content from sh.rustup.rs and deb.nodesource.com. Neither of these domains is included in the 'Trusted External Sources' list (which is limited to specific GitHub organizations and repositories like Anthropic, Google, and Microsoft), maintaining the severity at the highest level.
Recommendations
  • HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_lts.x, https://sh.rustup.rs - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:00 PM