turborepo
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [Official Vendor Integration]: The skill is authored by Vercel and provides guidance strictly aligned with official Turborepo documentation and ecosystem. All external links and resources point to trusted domains like turborepo.dev and vercel.com.
- [Best Practice Security Standards]: The instructions emphasize secure handling of sensitive environment variables such as
TURBO_TOKENandAPI_KEYby recommending the use of.envfiles and CI secrets rather than hardcoding values. - [Trusted Tooling References]: The skill references well-known and standard development tools, including GitHub Actions (actions/checkout, actions/setup-node), package managers (pnpm, yarn, bun), and community-standard monorepo utilities (syncpack, manypkg), all of which are considered safe for professional development environments.
- [No Risky Command Patterns]: Analysis of the CLI command guidance and CI/CD templates shows no use of dangerous patterns such as piped remote script execution (e.g., curl|bash) or unauthorized privilege escalation.
Audit Metadata