web-frameworks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): No functional executable code is provided in the skill files. The Python scripts referenced in the documentation (nextjs-init.py and turborepo-migrate.py) are missing, and the remaining content is strictly informational markdown and configuration templates.
- EXTERNAL_DOWNLOADS (SAFE): The skill directs users to utilize standard package managers and official CLI tools (npx, npm) for reputable frameworks from trusted sources like Vercel. There are no instructions to download or execute code from untrusted or unknown sources.
- CREDENTIALS_UNSAFE (SAFE): The skill correctly uses placeholders (e.g., team_xxx) and secure CI/CD secret syntax (e.g., ${ { secrets.TURBO_TOKEN } }) in its configuration examples, ensuring no real credentials or sensitive data are exposed.
Audit Metadata