contribute-turbo

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate repository maintenance tasks such as mirroring changes, committing code, and creating Pull Requests via the GitHub CLI (gh).
  • [DATA_EXFILTRATION]: The skill reads content from local skill directories and uploads it to the upstream 'tobihagemann/turbo' repository. This is the intended primary purpose of the skill. To mitigate risk, the process includes multiple user confirmation checkpoints (Step 3) and a mandatory 'Privacy Filter' (Step 5) designed to scrub project names, credentials, and business logic from the PR context.
  • [COMMAND_EXECUTION]: The skill executes standard shell commands for file management (rm, diff) and version control (git, gh). These operations are scoped to specific directories related to the turbo project's configuration and repository paths.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted content from local skill files. While this creates a surface for indirect prompt injection if those files contain malicious instructions, the skill mitigates this by requiring the agent to classify hunks as 'Correction' or 'Customization' and asking for user confirmation on ambiguous changes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:58 PM