The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill provides instructions to execute remote scripts for environment setup and project scaffolding.
Evidence: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh in examples/start/installation.md for Rust installation.
Evidence: sh <(curl https://create.tauri.app/sh) in examples/start/installation.md for Tauri project creation.
[EXTERNAL_DOWNLOADS]: Fetches configuration and toolchain components from official and well-known domains.
Evidence: References to sh.rustup.rs and create.tauri.app for initial setup.
Evidence: System package installation via apt for Linux dependencies in examples/start/prerequisites.md.
[COMMAND_EXECUTION]: Provides extensive documentation and templates for utilizing the tauri-app-shell plugin to spawn sidecar processes and execute system-level commands.
Evidence: The tauri-app-shell sub-skill entry in SKILL.md explicitly lists spawning sidecars and running system commands as capabilities.
[DATA_EXFILTRATION]: Documents the use of tauri-app-http-client for Rust-based network requests that bypass browser CORS restrictions.
Evidence: The tauri-app-http-client entry in SKILL.md and related documentation in api/ sections.
[PROMPT_INJECTION]: Analyzed for potential indirect prompt injection vulnerability surfaces.
Ingestion points: templates/project-setup.md and templates/configuration.md use placeholders (e.g., {project_name}, {dev_url}) intended for interpolation of user-supplied data into project files.
Boundary markers: Absent; templates do not include specific delimiters or instructions to ignore embedded commands in the interpolated data.
Capability inventory: The skill documents high-privilege capabilities including tauri-app-shell (command execution), tauri-app-file-system (sandboxed file access), and tauri-app-http-client (network operations).
Sanitization: No explicit validation or sanitization logic is provided in the templates for the placeholder values.

tauri