turso

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed secret values inline (e.g., hexkey in a connection string and authToken as a literal), which could require the LLM to output API keys or tokens verbatim when instantiated, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to connect to and sync with remote Turso Cloud databases (e.g., references/sync.md shows connect({ url: "libsql://..." / "https://your-database.turso.io", authToken, await db.pull(), partialSync {...} }) and references/agents.md shows agents reading/writing memory to those DBs), which means untrusted/user-generated remote database contents are fetched and used as agent state/inputs that could influence actions and enable indirect prompt injection.