tauri-app-localhost
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for using the Tauri v2 localhost plugin, referencing official documentation from a well-known source (tauri.app).
- [SAFE]: Example code in
examples/usage.mddemonstrates standard Tauri API usage, including plugin initialization and IPC communication throughinvokeandemit. - [SAFE]: The
capabilities.jsontemplate follows the standard Tauri capability schema and requests limited, specific permissions appropriate for the plugin's functionality. - [SAFE]: The instructions in
SKILL.mdemphasize security best practices, such as environment separation (dev vs production) and auditing access patterns to ensure minimal exposure. - [SAFE]: The skill represents a surface for indirect prompt injection (Category 8) as it processes data from local services, but it includes explicit guidance on validating exposure and managing security boundaries.
- Ingestion points: Data retrieved from local services via the Tauri localhost plugin.
- Boundary markers: Guidance focuses on environment separation; standard Tauri IPC boundaries apply.
- Capability inventory: Tauri IPC interaction (
invoke,emit) as detailed inexamples/usage.md. - Sanitization: The skill prompts for validation of minimal exposure and auditing access patterns.
Audit Metadata