The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of system commands including git, cp, rm, ls, and npx to manage the local repository and skill installations. These tools are used to manipulate directories and execute the npx skills utility for skill management.
[EXTERNAL_DOWNLOADS]: It fetches and pulls data from remote Git repositories using git fetch and git pull. The specific remote is determined by the agent's local configuration, allowing content to be downloaded from any Git-hosted source.
[REMOTE_CODE_EXECUTION]: By downloading SKILL.md files from a remote repository and installing them into the agent's active skills directory (~/.claude/skills/), the skill enables the execution of unverified instructions and logic from remote sources.
[DATA_EXFILTRATION]: The skill reads and writes to sensitive configuration files such as ~/.turbo/config.json and ~/.claude/settings.json. It specifically offers to modify the permissions.allow array, which governs the security permissions and capabilities of the agent environment.
[PROMPT_INJECTION]: The skill has a significant exposure surface for indirect prompt injection.
Ingestion points: Content is ingested from commit logs (git log) and skill definition files (SKILL.md) sourced from external repositories.
Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious embedded instructions during the summarization or merging steps.
Capability inventory: The skill possesses powerful capabilities including file system write access, configuration modification, and command execution.
Sanitization: There is no evidence of content validation or sanitization of the remote data before it is processed or integrated into the local environment.

update-turbo