turso-db
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: CRITICAL
Risk tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The installation instructions include a command that downloads a script from an untrusted remote source and pipes it directly into the shell (curl ... | sh). This pattern bypasses the integrity checks a package manager would apply and executes code that is never inspected or verified before it runs. The --proto '=https' and --tlsv1.2 options only protect the transport; nothing verifies the content of the script, so whatever the "latest" release endpoint serves at install time is executed with the user's privileges.
  - Evidence: SKILL.md contains: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/tursodatabase/turso/releases/latest/download/turso_cli-installer.sh | sh
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install Node.js packages from an npm organization (@tursodatabase) that is not on the trusted sources list.
  - Evidence: npm i @tursodatabase/database in SKILL.md and references/javascript-api.md
- COMMAND_EXECUTION (LOW): The skill requires executing multiple local system commands for installation, database management, and encryption key generation.
  - Evidence: Extensive use of the tursodb CLI and openssl across all files.
- PROMPT_INJECTION (LOW): The skill provides an interface to a database engine that processes external data and SQL queries, creating a surface for indirect prompt injection (untrusted content stored in the database is returned to the agent as query results).
  - Ingestion points: Local database files (.db) and user-provided SQL queries.
  - Boundary markers: Absent.
  - Capability inventory: Local command execution (tursodb), file system read/write, and SQL execution.
  - Sanitization: No evidence of sanitization or instruction-ignoring delimiters.
Recommendations
- AI detected serious security threats
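The safer replacement for the curl | sh step flagged above is to download the installer to a file, verify its SHA-256 against a digest obtained out of band, and only then run it. The script below is an added example written for this report; it is not part of the audited skill or of the Turso project. The installer URL is the one quoted in the evidence; the expected digest is a placeholder you must supply yourself (from a signed checksum file, release notes, or a value pinned in your own repository), since the audit does not record one. The fetch_and_run and verify_installer helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the audit or the Turso project): replace
# "curl ... | sh" with download-to-file, checksum verification, then execution.
# The expected SHA-256 must come from an out-of-band source; the value passed
# in is a placeholder for the operator to fill in.

set -eu

sha256_of() {
    # Portable SHA-256: GNU coreutils sha256sum, else BSD/macOS shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 only if FILE's digest equals EXPECTED_SHA256; reports both on mismatch.
verify_installer() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# fetch_and_run URL EXPECTED_SHA256
# Downloads to a temp file, verifies it, then executes it with sh.
# The script never runs straight from the network pipe.
fetch_and_run() {
    url=$1
    expected=$2
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    # Same transport hardening as the audited command, but written to disk.
    curl --proto '=https' --tlsv1.2 -LsSf -o "$tmp" "$url"
    verify_installer "$tmp" "$expected"
    # Recommended: read the script before running it, e.g. ${PAGER:-less} "$tmp"
    sh "$tmp"
}

# Usage (needs network; supply the digest you obtained out of band):
# fetch_and_run \
#   https://github.com/tursodatabase/turso/releases/latest/download/turso_cli-installer.sh \
#   "<expected-sha256-hex>"
```

Pinning a digest also pins a version: when a new release is published, the mismatch is a signal to re-review the installer rather than a nuisance to bypass, which is exactly the check the original one-liner omits.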
Audit Metadata