turingcoder-skills-integration
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is installed from and references an untrusted GitHub repository (https://github.com/suskycode/turingcoder-skills). [TRUST-SCOPE-RULE] applied: While downloads from `vercel-labs` and `anthropics` are downgraded to LOW, the primary skill source remains untrusted.
- REMOTE_CODE_EXECUTION (MEDIUM): The `bootstrap.sh` script and the deployed workflows execute bash commands and Node-based tools fetched from remote sources. This pattern allows the author to execute arbitrary logic on the host system during the integration process.
- COMMAND_EXECUTION (MEDIUM): `scripts/deploy-workflow.sh` uses `sed` to dynamically inject shell commands (`__BOOTSTRAP_CMD__`) into markdown templates. This generated content is then executed by the agent, creating a risk of command injection if the source variables are manipulated.
- INDIRECT_PROMPT_INJECTION (LOW): The skill creates an attack surface by managing the `AGENTS.md` file which controls agent behavior.
  - Ingestion points: `bootstrap.sh` and `deploy-workflow.sh` generate project configuration files.
  - Boundary markers: Absent; the generated `AGENTS.md` lacks delimiters or instructions to ignore embedded malicious instructions within skill descriptions.
  - Capability inventory: Access to `bash`, `npx`, and file system operations (`ln -s`, `mkdir`).
  - Sanitization: No validation or escaping is performed on the repository URLs before they are processed by shell scripts.
- AUTOMATED SCAN ALERT: An automated scanner flagged `references/requirements.md` for containing a blacklisted URL, which correlates with the untrusted nature of the primary repository.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata