turborepo

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides documentation and instructions for managing Turborepo monorepos. It covers configuration, caching, environment variables, filtering, and CI/CD setup. It also guides users on handling sensitive tokens without providing any hardcoded credentials.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute turbo commands in the shell. This is the primary intended function of the skill and follows best practices like using turbo run in scripts and CI.
  • [EXTERNAL_DOWNLOADS]: The skill references standard package managers like npm and pnpm and well-known services like Vercel and GitHub for installing dependencies and remote caching.
  • [PROMPT_INJECTION]: Indirect attack surface exists due to processing untrusted configuration files.
      1. Ingestion points: turbo.json, package.json, and task logs.
      2. Boundary markers: None explicitly defined, though documentation emphasizes structured JSON.
      3. Capability inventory: Shell execution via turbo and filesystem writes.
      4. Sanitization: Relies on agent default safety filters and structured monorepo file formats.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 02:13 AM