turborepo-caching
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface exists through the processing of user-supplied goals and constraints.
- Ingestion points: User input defining goals, constraints, and requirements (SKILL.md).
- Boundary markers: Absent; the skill does not specify delimiters or instructions to prevent the agent from obeying instructions embedded within processed data.
- Capability inventory: The skill involves executing various shell commands (
turbo,npx,npm), which creates a risk if malicious input influences the parameters of these commands. - Sanitization: No sanitization or validation logic is defined to check the integrity of external inputs.
- [DATA_EXFILTRATION]: The self-hosted remote cache server template contains a potential path traversal vulnerability.
- Evidence: Template 4 (Express server) uses
join(CACHE_DIR, team, hash)whereteamandhashare sourced directly from unsanitized request parameters (req.query.teamIdandreq.params.hash). - Risk: An attacker could use directory traversal sequences (e.g.,
../) to read or write files outside the intended cache directory if this template is implemented in a production environment.
Audit Metadata