convex-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill implements strong authentication patterns using
ctx.auth.getUserIdentity()and role-based checks (requireAdmin), ensuring data access is properly restricted. - [SAFE]: Sensitive information such as API keys are managed through environment variables (
process.env.SAM_GOV_API_KEY) rather than being hardcoded. - [SAFE]: Network operations are limited to a well-known, trusted government service (sam.gov) for data retrieval purposes.
- [SAFE]: The automated scanner detection of 'existing.co' is a false positive; it incorrectly identified the TypeScript variable
existingfollowed by subsequent code logic or property access as a malicious domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata