turbo-pipelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly documents runtime transforms and sinks that call arbitrary external HTTP APIs and databases (e.g., "handler" transforms that "Call external HTTP APIs to enrich" in SKILL.md and the Webhook sink / dynamic table patterns in references/sink-reference.md and references/architecture-patterns.md), meaning the agent/pipeline will fetch and interpret untrusted third‑party content which can materially change processing and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs users to run remote install scripts (curl ... | sh) — specifically https://goldsky.com and https://install-turbo.goldsky.com — which fetch and execute code at runtime and are listed as required prerequisites, so they are high-risk external dependencies.