tauri-framework-upgrade
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides official links to Tauri migration documentation on the well-known domain v2.tauri.app.
- [EXTERNAL_DOWNLOADS]: The `examples/usage.md` file references a non-standard third-party package `tauri-plugin-tauri-framework-upgrade`. This package is not part of the official Tauri ecosystem, and its source cannot be verified.
- [REMOTE_CODE_EXECUTION]: Example code snippets in `examples/usage.md` instruct the user or agent to import and initialize the unverified `tauri-plugin-tauri-framework-upgrade` package, which results in the execution of code from an external, untrusted source.
- [COMMAND_EXECUTION]: The skill demonstrates the use of the `invoke` command to call plugin-side functionality, which executes logic on the host system via the Tauri IPC bridge.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted project data (e.g., `tauri.conf.json`, `capabilities/default.json`) and lacks specific boundary markers or sanitization procedures to prevent malicious instructions embedded in those files from influencing the agent's behavior during the upgrade process.
Audit Metadata