tauri-mcp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and interact with untrusted data from a running Tauri application, creating a vulnerability surface for indirect injection attacks.
- Ingestion points: Data enters the agent context via element discovery (tauri_webview_find_element), JavaScript execution returns (tauri_webview_execute_js), IPC command responses (tauri_ipc_execute_command), and system/console logs (tauri_read_logs).
- Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions when processing data from the target application.
- Capability inventory: The skill has powerful capabilities including executing arbitrary code in the webview, invoking host-level Rust commands, and writing screenshots to local file paths.
- Sanitization: Absent; the instructions do not suggest any validation or escaping of the data received from the application.
- [Dynamic Execution] (LOW): The skill explicitly uses tauri_webview_execute_js and tauri_ipc_execute_command to perform testing tasks. While these are the primary intended functions of the skill, they represent a path for dynamic code execution that could be exploited if the agent follows instructions embedded in the application it is testing.