turso-libsql
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official client libraries
@libsql/client(Node.js) andlibsql-client(Python) for interacting with Turso's libSQL-based database platform. These are standard packages from the service provider. - [COMMAND_EXECUTION]: The documentation includes instructions for using the
tursoCLI tool (e.g.,turso auth login,turso db create,turso dev). These are expected administrative commands for managing the Turso platform. - [PROMPT_INJECTION]: The
references/vector-search.mdfile contains a code example for a RAG system that is susceptible to indirect prompt injection. The example retrieves potentially untrusted content from a database and interpolates it into a prompt sent to an LLM without sufficient sanitization or boundary protection. - Ingestion points: The
queryfunction inreferences/vector-search.mdperforms a vector similarity search on theknowledgetable. - Boundary markers: The prompt template uses simple labels (
Context:andQuestion:) but lacks robust delimiters or system instructions to prevent the model from following commands embedded within the retrieved data. - Capability inventory: The provided code allows for database reads/writes and external API interaction with OpenAI.
- Sanitization: No sanitization or filtering logic is present in the example to inspect or clean retrieved context before it is processed by the LLM.
Audit Metadata