turborepo-monorepo
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive technical guide for Turborepo. All instructions and code snippets are standard for the JavaScript/TypeScript ecosystem and do not exhibit malicious behavior.
- [EXTERNAL_DOWNLOADS]: The skill references standard dependencies and tools from well-known registries (NPM) and trusted organizations (pnpm, GitHub Actions). These are neutral and represent expected development workflows.
- [COMMAND_EXECUTION]: Shell commands provided (e.g.,
pnpm,turbo,npx) are intended for local monorepo management and do not involve unauthorized privilege escalation or persistence mechanisms. - [CREDENTIALS_UNSAFE]: References to secrets like
TURBO_TOKENorJWT_SECRETare used in the context of configuration templates or environment variable definitions (e.g.,${{ secrets.TURBO_TOKEN }}), which is a secure practice for secret management in CI/CD and code.
Audit Metadata