turso
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly instructs agents to connect and sync with remote Turso Cloud databases (references/sync.md and references/agents.md) and to fetch JWKS endpoints (references/auth.md), which means the agent will pull arbitrary third-party-hosted data/JSON into its workflow and could read that untrusted content to make decisions.
Audit Metadata