turborepo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a significant vulnerability surface for indirect prompt injection because it ingests untrusted user input and possesses the capability to modify high-privilege configuration files and CI/CD workflows.
  - Ingestion points: User input enters through the $ARGUMENTS variable in command/turborepo.md.
  - Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or boundary markers to isolate untrusted content.
  - Capability inventory: The agent is empowered to write filesystem changes (package.json, turbo.json) and configure CI/CD pipelines (GitHub Actions, Vercel).
  - Sanitization: No input validation or sanitization is implemented to prevent the interpolation of malicious instructions.
- Metadata Poisoning (LOW): Reference files (e.g., github-actions.md) cite non-existent versions of common actions (e.g., actions/checkout@v6), which could lead to build failures or potential dependency confusion risks if those version tags are claimed by third parties.
Recommendations
- AI detected serious security threats
Audit Metadata