Skills
skills/tobihagemann/turbo/update-turbo/Gen Agent Trust Hub

update-turbo

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill fetches a remote file (UPDATE.md) and instructs the agent to 'Follow the fetched UPDATE.md instructions from start to finish'. This pattern allows an external repository owner to execute arbitrary commands or instructions on the user's system via the agent.
  • [COMMAND_EXECUTION]: The skill uses git commands to fetch remote data and read specific file versions from a repository.
  • [DATA_EXFILTRATION]: The skill reads the local file ~/.turbo/config.json. While no direct exfiltration over the network is defined in this skill, reading configuration files from hidden directories is a common prerequisite for harvesting credentials or environment metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 18, 2026, 11:00 PM