turso-db

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's sync documentation (references/sync.md and the SDK examples) instructs the agent to connect to and pull/bootstrap data from remote Turso Cloud endpoints (e.g., libsql://your-db.turso.io or https://your-db.turso.io), which ingests untrusted third‑party database content that the agent is expected to read and act on (refresh UI, run follow-up logic), so remote content could materially influence tool behavior and enable indirect prompt injection.