update-turbo

SUSPICIOUS: the stated purpose matches updating Turbo, but the mechanism is overly trusting. It fetches mutable instructions from whatever remote is configured locally and tells the agent to execute them without verifying publisher, domain, tag, commit, or integrity, creating a strong supply-chain and remote-instruction risk.