turborepo
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [Safe Resource Usage]: The skill references official Turborepo documentation, Vercel services, and well-known CI actions from trusted organizations like GitHub and Pnpm. These references are used for legitimate configuration and workflow management.
- [Standard Tooling Implementation]: Shell commands and configuration examples (e.g.,
turbo run,npx turbo-ignore) follow established patterns for JavaScript monorepo development. The use of standard package managers and build tools is consistent with the skill's intended purpose. - [Credential Safety Guidance]: The documentation explicitly encourages the use of secure CI environment secrets for sensitive data like
TURBO_TOKEN, preventing accidental exposure in source code or configuration files. - [Project Configuration Surface]: The skill involves the agent reading and modifying project configuration files such as
package.jsonandturbo.json. While this is an active surface for indirect prompt injection, the guidance provided is strictly organizational and configuration-focused, maintaining a safe operational scope.
Audit Metadata