tauri-mcp-cli
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
tauri-mcpCLI tool to manage Tauri driver sessions, capture UI state, and perform automation tasks via terminal commands. - [REMOTE_CODE_EXECUTION]: The
tauri-mcp webview-execute-jscommand enables the dynamic execution of arbitrary JavaScript scripts within the application's webview context. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it ingests untrusted data from the application and provides tools to execute actions based on that data. 1. Ingestion points: The agent can read potentially attacker-controlled data via
tauri-mcp read-logs,tauri-mcp webview-find-element, andtauri-mcp ipc-get-captured(SKILL.md). 2. Boundary markers: There are no instructions or delimiters provided to distinguish untrusted application data from the agent's core instructions. 3. Capability inventory: The skill provides powerful interaction capabilities, includingtauri-mcp webview-execute-js,tauri-mcp ipc-execute-command, and various UI interaction tools (SKILL.md). 4. Sanitization: No sanitization, escaping, or validation of the data retrieved from the application is described before it is used in subsequent automation commands.
Audit Metadata