tauri-window

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The usage examples in examples/usage.md reference the package tauri-plugin-tauri-window. This is an unverified third-party package that is not part of the official @tauri-apps scope or the vendor's recognized naming patterns. Recommending unverified dependencies introduces supply chain risks.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to import and initialize code from an untrusted source (tauri-plugin-tauri-window). Executing initialization functions (init()) from unverified third-party packages can lead to arbitrary code execution if the package is malicious.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through its template system.
      • Ingestion points: Variable placeholders {label}, {title}, {width}, {height}, and {decorations} in templates/basic.md.
      • Boundary markers: None provided to isolate untrusted input within the generated configuration strings.
      • Capability inventory: The skill provides guidance for system-level window management and configuration.
      • Sanitization: No validation or escaping is applied to user-provided data before interpolation into templates.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 31, 2026, 10:14 AM