Skills
NYC
skills/dchuk/claude-code-tauri-skills/setting-up-tauri-projects/Gen Agent Trust Hub

setting-up-tauri-projects

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs users to pipe remote scripts from untrusted domains directly into a shell, which is a classic RCE pattern.
  • Evidence: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh in SKILL.md.
  • Evidence: sh <(curl https://create.tauri.app/sh) in SKILL.md.
  • Evidence: irm https://create.tauri.app/ps | iex (PowerShell execution) in SKILL.md.
  • [COMMAND_EXECUTION] (HIGH): Promotes the execution of arbitrary system-level commands and package installations that modify the host environment.
  • Evidence: Numerous sudo apt install, cargo install, and npm create commands for system-wide toolchain setup.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): References external domains for software installation that are outside the allowed [TRUST-SCOPE-RULE].
  • Evidence: tauri.app and rustup.rs are used for script delivery but are not in the trusted organizations list.
  • [REMOTE_CODE_EXECUTION] (INFO): Automated scans flagged a malicious URL associated with main.rs. While the provided code snippet appears benign, the scanner signature UR09BDF6D942948297-0200 suggests potential blacklisted content in related project files.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://sh.rustup.rs, https://create.tauri.app/sh - DO NOT USE
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 15, 2026, 09:57 PM