tauri-create
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill constructs shell commands using project names provided by the user, creating a vulnerability to command injection if input is not sanitized.
- EXTERNAL_DOWNLOADS (HIGH): The skill executes pnpm create and pnpm install to fetch and run code from the npm registry. This constitutes high-risk remote code execution without integrity checks.
- PROMPT_INJECTION (HIGH): Category 8 (Indirect Prompt Injection). Ingestion points: Current directory files. Boundary markers: Absent. Capability inventory: Shell execution and file writing. Sanitization: Absent. This surface allows directory content to influence generated AI instructions.
Recommendations
- AI detected serious security threats
Audit Metadata