turborepo
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of Markdown reference files providing guidance on Turborepo. It does not include any executable scripts or hidden logic.
- [EXTERNAL_DOWNLOADS]: The skill references official Turborepo tools and trusted registries (npm). It provides instructions for connecting to well-known services like Vercel for remote caching, which is a standard part of the tool's functionality.
- [DATA_EXFILTRATION]: The documentation discusses the use of environment variables for authentication and configuration. There are no patterns suggesting the exfiltration of sensitive data to untrusted third parties.
- [PROMPT_INJECTION]: The skill includes instructions for the AI agent on how to correctly configure monorepo tasks. No attempts to bypass safety filters or override core agent behavior were identified.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project configuration files which represent a potential ingestion point for untrusted data. 1. Ingestion points: reads turbo.json and package.json from the workspace. 2. Boundary markers: No explicit boundary markers or 'ignore' instructions for data interpolation are specified in the guidance. 3. Capability inventory: The skill enables the agent to execute turbo run commands and modify workspace configurations. 4. Sanitization: Relies on standard JSON parsing and Turborepo CLI validation.
Audit Metadata