turso-db

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a direct download of an executable shell installer (.sh) from a GitHub releases URL — although it may come from the legitimate "tursodatabase" repo, piping or running unknown .sh installers from the internet is a high-risk distribution vector and should be verified before use.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls and syncs data from remote Turso Cloud endpoints (e.g., references/sync.md and SDK examples in sdks/python.md, sdks/go.md, sdks/react-native.md showing pull()/pull(), and SKILL.md's MCP server) so the agent ingests and acts on potentially untrusted third‑party database content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SKILL.md includes a runtime installation command that downloads and pipes a remote shell script to sh (curl ... | sh) from https://github.com/tursodatabase/turso/releases/latest/download/turso_cli-installer.sh, which executes remote code and is presented as the installer for the required tursodb CLI.