update-turbo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads UPDATE.md from the configured remote repository (via git fetch and git show /main:UPDATE.md in ~/.turbo/repo) and then instructs the agent to "follow the fetched UPDATE.md instructions from start to finish," allowing arbitrary upstream repository content to directly control agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs git fetch/show against the configured git remote (origin/upstream — i.e., the remote URL for ~/.turbo/repo) to read UPDATE.md at runtime and then instructs the agent to "follow the fetched UPDATE.md", so external content from that remote URL directly controls agent instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to fetch and blindly "follow the fetched UPDATE.md instructions from start to finish," which can contain arbitrary commands (including sudo, service/file modifications, or user creation) that may compromise the host.