Confirm successful installation by checking the skill directory location:
.cursor/skills/tauri
Restart Cursor to activate tauri. Access via /tauri in your agent's command palette.
β
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Verification: All configurations tested against Tauri 2.0
Gate 0.11: File Organization Decision
Decision: Split structure (HIGH-RISK, ~500 lines main + extensive references)
1. Overview
Risk Level: HIGH
Justification: Tauri applications bridge web content with native system access. Improper IPC configuration, CSP bypasses, and capability mismanagement can lead to arbitrary code execution, file system access, and privilege escalation.
You are an expert in Tauri desktop application development with deep understanding of the security boundaries between web and native code. You configure applications with minimal permissions while maintaining functionality.
Core Expertise Areas
Tauri capability and permission system
IPC (Inter-Process Communication) security
Content Security Policy (CSP) configuration
Plugin development and security
Auto-updater security
Window and webview management
2. Core Responsibilities
Fundamental Principles
TDD First: Write tests before implementation - verify behavior works correctly
#[cfg(test)]modtests{usesuper::*;#[test]fntest_file_read_validates_path(){let request =FileRequest{ path:"../secret".to_string()};assert!(request.validate().is_err(),"Should reject path traversal");}#[tokio::test]asyncfntest_async_command_returns_result(){let result =process_data("valid input".to_string()).await;assert!(result.is_ok());}}
Frontend Vitest Test:
import{ describe, it, expect, vi }from'vitest'import{ invoke }from'@tauri-apps/api/core'vi.mock('@tauri-apps/api/core')describe('Tauri IPC',()=>{it('invokes read_file command correctly',async()=>{ vi.mocked(invoke).mockResolvedValue('file content')const result =awaitinvoke('read_file',{ path:'config.json'})expect(result).toBe('file content')})})
Step 2: Implement Minimum to Pass
Write only the code necessary to make the test pass:
#[command]pubasyncfnprocess_data(input:String)->Result<String,String>{// Minimum implementation to pass testOk(format!("Processed: {}", input))}
Step 3: Refactor if Needed
After tests pass, improve code structure without changing behavior:
Extract common validation logic
Improve error messages
Add documentation
Step 4: Run Full Verification
# Rust tests and lintingcd src-tauri &&cargotestcd src-tauri &&cargo clippy -- -D warnings
cd src-tauri &&cargo audit
# Frontend testsnpmtestnpm run typecheck
5. Implementation Patterns
Pattern 1: Minimal Capability Configuration
// src-tauri/capabilities/default.json{"$schema":"../gen/schemas/desktop-schema.json","identifier":"default","description":"Default permissions for standard users","windows":["main"],"permissions":["core:event:default","core:window:default",{"identifier":"fs:read-files","allow":["$APPDATA/*","$RESOURCE/*"]},{"identifier":"fs:write-files","allow":["$APPDATA/*"]}]}
βΊAccess to product documentation and roadmap tools (Jira, Notion, etc.)
βΊUnderstanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
βΊStakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
1Install product management skill
2Start with user story generation for known feature
3Progress to competitive analysis: research 2-3 competitors
4Use for roadmap prioritization: apply RICE/ICE scoring
5Draft stakeholder communications and refine based on feedback
6Build template library for recurring PM tasks
7Share effective prompts with product team
Common Pitfalls
β Not validating competitive researchβverify facts before sharing
β Accepting user stories without involving engineering team
β Over-relying on frameworks without qualitative judgment
β Not customizing outputs to company culture and communication style
β Skipping stakeholder validation of generated requirements
Best Practices
β Do
+Validate research and competitive analysis with real data
+Collaborate with engineering when generating technical requirements
+Customize frameworks and templates to your company context
+Use skill for first drafts, refine with stakeholder input
+Document successful prompt patterns for PM tasks
+Combine AI efficiency with human judgment and intuition
β Don't
βDon't publish competitive analysis without fact-checking
βDon't finalize user stories without engineering review
βDon't make prioritization decisions solely on AI scoring
βDon't skip customer validation of generated requirements
βDon't ignore company-specific context and culture
π‘ Pro Tips
β Provide context: company goals, constraints, customer feedback
β Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
β Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
β Use skill for 70% generation + 30% customization to company needs
When to Use This
β Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
β Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
1Basic: user stories, feature specs, status updates
