building-tauri-with-github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow includes steps that fetch and execute code from public third-party sources—e.g., piping remote scripts from https://sh.rustup.rs and https://deb.nodesource.com/setup_lts.x and using public GitHub Actions like tauri-apps/tauri-action and pguyot/arm-runner-action—which the runner will download and execute, exposing it to untrusted external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow includes runtime commands that fetch and pipe remote install scripts to a shell (curl https://sh.rustup.rs | sh and curl -fsSL https://deb.nodesource.com/setup_lts.x | bash), which executes remote code fetched from those URLs.