tauri-security-rules
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `SKILL.md` file contains a 'Memory Protocol' section that instructs the agent to run `cat .claude/context/memory/learnings.md`. This is a standard mechanism for maintaining stateful context across interactions and is not used for malicious exfiltration in this context.
- [PROMPT_INJECTION]: The skill processes untrusted user code files, which is an inherent vulnerability surface for indirect prompt injection.
  - Ingestion points: User-provided source code files accessed via globs `src/**/*.{svelte,ts,tsx}`.
  - Boundary markers: Absent; the skill does not define specific delimiters for user-provided code.
  - Capability inventory: Access to `Read`, `Write`, and `Edit` tools, and command execution via `cat`.
  - Sanitization: No explicit sanitization or filtering of the code content is specified.
- [SAFE]: The core instructions focus on enhancing security for Tauri applications, specifically recommending HTTPS, input validation, and careful management of the Tauri IPC allowlist.
Audit Metadata