turso-db

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to connect to and sync with remote Turso Cloud instances (e.g., SKILL.md "MCP Server" and references/sync.md plus multiple SDK files like sdks/python.md, sdks/react-native.md and sdks/wasm.md) — pulling remote changes and exposing the database via MCP means the agent will fetch and act on untrusted, user-provided remote database content that can influence subsequent queries and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL includes a setup command that at runtime fetches and executes remote code via curl | sh from https://github.com/tursodatabase/turso/releases/latest/download/turso_cli-installer.sh (used to install the tursodb CLI which the skill's CLI commands rely on), which constitutes executing remote code fetched at runtime.