tauri-ipc
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes a documentation template in 'templates/basic.md' that is vulnerable to indirect prompt injection. \n
- Ingestion points: The template interpolates user-controlled variables such as {command}, {fields}, {file}, and {policy}. \n
- Boundary markers: No delimiters, XML tags, or instruction-following constraints are present around the placeholders to isolate untrusted input. \n
- Capability inventory: The skill is designed to generate architectural code and contracts for inter-process communication, which is a security-critical boundary. \n
- Sanitization: No input validation or escaping logic is defined for the placeholders. \n- [EXTERNAL_DOWNLOADS]: The 'examples/usage.md' file references an unverified package 'tauri-plugin-tauri-ipc'. While it appears in a documentation context, suggesting unknown or non-standard packages without provenance can lead users to install malicious code.
Audit Metadata