tauri-dev

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Automated security scans identified a malicious URL within the main.rs file (ID: URL:Blacklist|UR09BDF6D942948297-0200). This indicates the inclusion of blacklisted remote resources in the skill's code components.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions for installing development tools like Rust and Homebrew via curl | sh pipes targeting well-known sources (sh.rustup.rs and github.com). While these sources are generally trusted, the pattern itself is a vector for remote code execution.
  • [COMMAND_EXECUTION]: The skill guides users and agents to perform high-privilege system operations, such as installing dependencies via sudo and executing sidecar binaries. These are legitimate for the developer use-case but provide significant leverage if the skill is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It allows an agent to read and process local project files (source code, configurations) which may contain malicious instructions. The skill lacks boundary markers and sanitization to prevent these instructions from hijacking the agent, which is particularly risky given the skill's extensive filesystem, shell, and network capabilities.
  • [DATA_EXFILTRATION]: While the skill includes educational warnings against risky filesystem access (e.g., reading SSH keys), the confirmed detection of a malicious URL in the backend code combined with broad system permissions poses a high risk of unauthorized data exposure and exfiltration.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 24, 2026, 06:35 AM