The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: Arbitrary JavaScript execution in the application context.
Evidence: The webview_execute_js tool allows the execution of arbitrary JavaScript scripts within the WebView, granting full access to the DOM and exposed Tauri APIs.
[COMMAND_EXECUTION]: Direct invocation of backend logic and simulated user input.
Evidence: The ipc_execute_command tool enables the agent to call any registered Tauri command on the Rust backend, explicitly bypassing frontend validations.
Evidence: webview_interact and webview_keyboard tools allow the agent to simulate complex user interactions, which can trigger any application functionality.
[DATA_EXFILTRATION]: High-exposure access to sensitive application data and logs.
Evidence: The read_logs tool provides access to WebView console logs, system logs, and mobile device logs (Android/iOS).
Evidence: The ipc_get_captured tool monitors and records IPC traffic, including command arguments and responses which may contain PII or secrets.
Evidence: webview_screenshot captures the visual state of the application, potentially exposing sensitive on-screen information.
[EXTERNAL_DOWNLOADS]: Dependency on third-party packages from external registries.
Evidence: Installation instructions require downloading @hypothesi/tauri-mcp-server from npm and tauri-plugin-mcp-bridge from Cargo.
[PROMPT_INJECTION]: Vulnerability to indirect prompt injection via application data.
Ingestion points: read_logs (multiple sources), webview_dom_snapshot (DOM accessibility/structure), ipc_get_captured (captured IPC events).
Boundary markers: None identified in tool instructions or parameter schemas.
Capability inventory: High-risk tools including webview_execute_js, ipc_execute_command, and webview_interact are available to the agent.
Sanitization: No sanitization or filtering of ingested external content is described before the data is processed by the agent.

tauri-mcp-bridge