turborepo

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes user-provided $ARGUMENTS to select relevant reference documentation. While it lacks explicit boundary markers, the resulting actions (modifying configuration files) are restricted to the intended purpose of workspace orchestration.
      • Ingestion points: $ARGUMENTS variable in command/turborepo.md used for task selection.
      • Boundary markers: Absent.
      • Capability inventory: Modification of package.json and turbo.json files; execution of turbo run commands.
      • Sanitization: Absent.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The documentation mentions several standard ecosystem tools such as syncpack, manypkg, and sherif. These are well-known community tools for monorepo maintenance and are presented as optional best-practice recommendations.
  • [Data Exposure & Exfiltration] (SAFE): The skill references environment variables like TURBO_TOKEN and GITHUB_TOKEN, but correctly identifies them as secrets to be handled by CI provider vault systems (e.g., GitHub Secrets). No hardcoded credentials or unauthorized network exfiltration patterns were found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:39 PM