convex
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documents patterns for building AI agents that ingest untrusted user input and external data (via RAG).
- Ingestion points: The
userMessageargument and retrieved document content (relevantDocs) inconvex/ai.ts(references/agents.md) are processed by LLM actions. - Boundary markers: The
ragChatpattern uses system prompt instructions to delimit context, though it lacks explicit "ignore embedded instructions" warnings for the context body. - Capability inventory: The agent patterns include capabilities to perform database writes (
ctx.db.patch,ctx.db.insert) and call external tools or search actions (ctx.runAction) inconvex/ai.ts. - Sanitization: The skill utilizes Convex's built-in
vvalidators for all input arguments and employsJSON.parsefor handling tool-calling arguments, which provides a layer of structural validation. - [EXTERNAL_DOWNLOADS]: The skill references several official and well-known dependencies for its functionality.
- Documentation suggests installing official Convex components:
@convex-dev/agent,@convex-dev/rate-limiter,@convex-dev/action-retrier,@convex-dev/migrations,@convex-dev/workpool, and@convex-dev/eslint-plugin. - It also references well-known AI libraries:
aiandopenai. - Code examples show communication with well-known services:
api.stripe.com,api.resend.com, andapi.openai.com.
Audit Metadata