turborepo
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- Prompt Integrity: The skill contains clear technical instructions for the agent to assist users with monorepo management. There are no attempts to override safety filters or bypass system instructions, and the guidelines provided are consistent with the tool's intended use.
- Environment Variable Handling: The skill provides best practices for declaring environment variables in
turbo.jsonto ensure cache correctness. It correctly identifies sensitive variables (like API keys and database URLs) as examples and advises on their secure handling within the build system, emphasizing the importance of hash inputs. - Trusted Tooling: The skill references standard industry tools such as pnpm, yarn, bun, and well-known monorepo utilities like syncpack and manypkg. These are used according to their intended purpose within the development ecosystem.
- No Malicious Patterns: No evidence of obfuscation, unauthorized data access, privilege escalation, or persistence mechanisms was found. The skill's structure and commands align with official Turborepo documentation and Vercel's deployment patterns.
- Secure CI/CD Guidance: The instructions for setting up GitHub Actions and Vercel deployments follow security best practices, such as using secrets for tokens and maintaining appropriate fetch depths for git operations.
Audit Metadata