tauri-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The installation and setup instructions require the agent or user to execute various shell commands, including `cargo add` for Rust crates and `npx` for Node.js packages.
- [REMOTE_CODE_EXECUTION]: The `webview_execute_js` tool allows for the execution of arbitrary JavaScript within the target application's webview context. Additionally, `ipc_execute_command` enables direct invocation of any registered Tauri command on the backend. These features are intended for deep debugging and automation but represent high-privilege operations.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) due to its data processing workflows.
  - Ingestion points: Untrusted data enters the agent context via `webview_dom_snapshot` (DOM structure), `webview_screenshot` (visual data), and `read_logs` (application logs).
  - Boundary markers: The skill instructions do not specify the use of strict boundary markers or 'ignore' instructions when processing external webview content.
  - Capability inventory: The skill includes high-impact tools such as `webview_execute_js`, `ipc_execute_command`, and `manage_window` which could be misused if a malicious instruction is followed.
  - Sanitization: No explicit sanitization or filtering logic is documented for the data ingested from the application's runtime environment.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of external dependencies, specifically the `@hypothesi/tauri-mcp-server` NPM package and the `tauri-plugin-mcp-bridge` Rust crate, which are necessary for the bridge functionality.
Audit Metadata