tauri-app-creator
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation in 'examples/usage.md' encourages the use of 'tauri-plugin-creator' as an imported dependency. This package is not part of the official Tauri ecosystem (@tauri-apps/plugin-*) and does not follow the naming conventions associated with the vendor's ('partme-ai') verified resources. Using unverified third-party packages can lead to the execution of untrusted code.
- [PROMPT_INJECTION]: The template 'templates/basic.md' interpolates user-provided data into instructions for project creation and configuration.
  - Ingestion points: Placeholders such as '{project_name}', '{frontend}', and '{dev_url}' in 'templates/basic.md'.
  - Boundary markers: None detected; user inputs are directly interpolated into the template strings.
  - Capability inventory: The skill facilitates the generation and execution of shell commands and project scaffolding scripts.
  - Sanitization: No evidence of input validation, escaping, or filtering before interpolation into the prompt/template.
- [COMMAND_EXECUTION]: The skill's primary function (defined in 'SKILL.md') is to guide the user/agent through running shell commands for project creation ('Run the creation command') and development ('start the Tauri dev mode'). The lack of sanitization on the inputs for these commands increases the risk of accidental or malicious command injection.
Audit Metadata