turborepo
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and guidance for Turborepo. It does not contain any executable scripts or commands that pose a security risk. No evidence of malicious behavior, obfuscation, or unauthorized data access was found across the 26 files analyzed.\n- [EXTERNAL_DOWNLOADS]: The documentation references and recommends standard industry tools such as
turbo,syncpack,manypkg, andsherif. It also provides examples for setting up GitHub Actions using official and well-known actions (actions/checkout,actions/setup-node,pnpm/action-setup,oven-sh/setup-bun). These are documented neutrally and originate from trusted sources.\n- [PROMPT_INJECTION]: No evidence of malicious prompt injection was found. The use of instructional language is appropriate for the skill's purpose. While the skill reads configuration files liketurbo.json, creating a potential surface for indirect prompt injection, it does not perform any unsafe operations with the data and follows documentation-only patterns.\n- [DATA_EXFILTRATION]: The skill provides guidance on managing environment variables and authentication tokens (e.g.,TURBO_TOKEN) within the context of standard configuration and CI/CD security (e.g., using GitHub Secrets). No commands were found that attempt to exfiltrate sensitive data to unauthorized external domains.
Audit Metadata