turso
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The RAG implementation example in 'references/vector-search.md' creates a surface for indirect prompt injection.
  - Ingestion points: Data retrieved from database tables ('chunks' and 'documents') is used to construct the prompt in the 'answerQuestion' function.
  - Boundary markers: The prompt uses natural language instructions to limit the LLM's scope but does not employ structural delimiters (e.g. triple quotes or XML tags) to isolate the untrusted context.
  - Capability inventory: The skill enables database read/write operations and provides code for interacting with external LLM APIs.
  - Sanitization: No validation or filtering of the retrieved content is shown before interpolation into the prompt.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download official tools and libraries from well-known sources.
  - Fetches the Turso CLI via the official 'tursodatabase' Homebrew tap.
  - Installs verified packages including '@libsql/client', 'drizzle-orm', 'prisma', and 'openai' from the npm registry.
- [COMMAND_EXECUTION]: The skill provides numerous CLI command examples for managing Turso databases and project dependencies using official tooling.
Audit Metadata