turborepo
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and guidance layer for Turborepo. All instructions align with official best practices for monorepo management.
- [EXTERNAL_DOWNLOADS]: The skill references standard ecosystem tools such as
syncpack,manypkg, andsherifvianpx. These are well-known community tools for managing monorepo dependencies and do not constitute a security risk in this context. - [SAFE]: Remote code patterns identified involve official GitHub Actions (
actions/checkout,actions/setup-node) and verified package manager setups (pnpm/action-setup,oven-sh/setup-bun), which are considered safe under established trust rules. - [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms was found. The environment variables mentioned (e.g.,
TURBO_TOKEN,DATABASE_URL) are used as configuration examples and placeholders, not hardcoded secrets.
Audit Metadata