tauri

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as an educational and technical resource for Tauri 2 development. It does not contain malicious code or patterns.
  • [EXTERNAL_DOWNLOADS]: The documentation references official Tauri plugins and well-known ecosystem libraries (Firebase, Google APIs, common React state management). It also mentions a community plugin for In-App Purchases (@choochmeque/tauri-plugin-iap-api), which is appropriately identified as a community plugin, leaving the choice to the developer.
  • [COMMAND_EXECUTION]: The skill provides patterns for using the Tauri shell plugin to spawn child processes and sidecars. It includes critical security guidance on using explicit scopes and validators to prevent arbitrary command execution.
  • [CREDENTIALS_SAFE]: The documentation provides best practices for managing sensitive data, such as advising against storing access tokens in localStorage and demonstrating how to use CI/CD secrets for code signing instead of committing them to version control.
  • [PROMPT_INJECTION]: The skill includes security checklists for OAuth flows, emphasizing the mandatory validation of the state parameter and the use of PKCE to prevent CSRF and token leakage.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:15 AM