turso-db
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The documentation instructs the agent to use the provided files instead of searching the web for Turso documentation. This directive is used to ensure accuracy and prevent hallucinations from outdated web data.
- [EXTERNAL_DOWNLOADS]: The skill provides a shell command to install the Turso CLI via a script fetched from the official GitHub repository of the tursodatabase organization.
- [EXTERNAL_DOWNLOADS]: The skill references various official packages in standard NPM (@tursodatabase/*), PyPI (pyturso), Cargo (turso), and Go (turso.tech) registries.
- [COMMAND_EXECUTION]: The skill includes shell commands for environment setup, database management, and running an Model Context Protocol (MCP) server for agentic interaction.
- [DATA_EXFILTRATION]: The documented remote sync functionality allows for bidirectional data transfer between local replicas and Turso Cloud. This is the intended core purpose of the replication engine and is performed using official SDKs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes data from database queries. 1. Ingestion points: Results from database query methods and Full-Text Search (FTS) highlights. 2. Boundary markers: None specified in documentation. 3. Capability inventory: CLI subprocess execution and network synchronization operations. 4. Sanitization: No explicit filtering or sanitization of database results is documented.
Audit Metadata