turborepo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill primarily consists of markdown documentation and instructional templates. No malicious code, obfuscated strings, or unauthorized data access patterns were found.
- [COMMAND_EXECUTION] (SAFE): The skill provides many examples of
turboCLI commands and package manager scripts (pnpm,npm,yarn,bun). These commands are standard for monorepo orchestration and are used correctly within the context of the skill's purpose. The instructions explicitly warn against 'Root Tasks' and promote better security and performance practices. - [DATA_EXPOSURE] (SAFE): The documentation refers to sensitive environment variables such as
TURBO_TOKEN,AWS_SECRET_KEY, andGITHUB_TOKEN. These references are informational, teaching the user how to properly manage secrets in CI/CD environments and how to use Turborepo's hashing configuration to avoid leaking secrets into the cache (e.g., usingpassThroughEnv). - [EXTERNAL_DOWNLOADS] (SAFE): The files reference standard, trusted development tools and libraries from the Node.js ecosystem (e.g.,
turbo,next,typescript,eslint). All external references are consistent with official documentation for Turborepo and related frameworks.
Audit Metadata