convex-file-storage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill contains legitimate code snippets for Convex functions (mutations and queries). It follows standard practices for the platform, such as using authenticated identities for write operations.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted metadata such as fileName.
- Ingestion points: File names and types are received in the saveFile mutation and image dimensions in saveImage (SKILL.md).
- Boundary markers: No explicit delimiters or boundary markers are used when handling these strings.
- Capability inventory: The skill allows for database insertion and file deletion.
- Sanitization: While the code snippets do not implement sanitization, the 'Common Pitfalls' section explicitly advises developers to validate file types and add ownership checks, mitigating the risk for implementers.