packaging-tauri-for-linux

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill includes a command in the snapcraft.yaml section that downloads a script from https://sh.rustup.rs and pipes it directly into the shell (| sh). This is a critical security risk as it executes unverified remote code without integrity checks.
  • COMMAND_EXECUTION (MEDIUM): The instructions frequently utilize sudo for system-level operations such as apt install, snap install, and snapcraft. This encourages executing broad commands with elevated privileges on the host system.
  • EXTERNAL_DOWNLOADS (LOW): The skill references and downloads external assets, including .deb packages from GitHub releases and the Rust toolchain, which introduces external dependencies into the build process.
  • DATA_EXFILTRATION (LOW): The RPM packaging section involves exporting GPG secret keys to a local file (private.key) and storing a passphrase in an environment variable. While common for signing, this pattern risks accidental exposure of sensitive cryptographic material.
  • PROMPT_INJECTION (LOW): The skill has an Indirect Prompt Injection surface (Category 8). It ingests untrusted configuration data from files like flatpak-builder.yaml and PKGBUILD to drive build commands (npm, cargo, ar). There are no boundary markers or sanitization steps to prevent malicious instructions embedded in these external build manifests from influencing agent behavior during the packaging process.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:57 PM