convex-delete-deployments

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill documentation explicitly identifies ~/.convex/config.json as a primary source for the accessToken. Accessing sensitive credential files is a high-risk behavior that can lead to unauthorized data exposure.
  • [Credentials Unsafe] (HIGH): The skill is designed to handle and potentially expose sensitive authentication tokens (CONVEX_ACCESS_TOKEN) via CLI arguments and local file reads. Tokens passed in command-line arguments can be visible in system process lists.
  • [Command Execution] (MEDIUM): The skill executes a Python script (delete_deployments.py) using several user-provided flags. This involves sub-process spawning, which carries risks if inputs are not properly sanitized.
  • [Indirect Prompt Injection] (LOW): This skill has an attack surface for indirect injection as it ingests untrusted data from user-provided arguments.
      • Ingestion points: CLI arguments such as --team, --project, --name, --match, and --exclude in SKILL.md.
      • Boundary markers: None provided in the command templates.
      • Capability inventory: Executes a local Python script via the python3 command line.
      • Sanitization: Unverifiable as the script source code is missing from the provided files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 10:55 PM