tauri-app-opener
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for the secure implementation of the Tauri opener plugin. It mandates defining allowlists for protocols and paths to prevent unauthorized access to the filesystem or external resources.
- [EXTERNAL_DOWNLOADS]: The skill references official documentation from the well-known Tauri project (v2.tauri.app) and incorporates standard ecosystem packages like @tauri-apps/api and tauri-plugin-opener.
- [SAFE]: An indirect prompt injection surface is identified where the skill handles external URLs and file paths. The skill explicitly mitigates this by requiring strict validation and allowlisting as part of the implementation guidance. Ingestion points: external link and file handling (SKILL.md). Boundary markers: instructions for allowlisting and safe wrappers (SKILL.md). Capability inventory: permissions for opening URLs, paths, and revealing directory items (templates/capabilities.json). Sanitization: emphasis on implementation of safe open APIs with strict validation (SKILL.md).
Audit Metadata