convex-audit

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local binary at /home/bjorn/.codex/skill-support/bin/convex-scan via the subprocess module in scripts/scan_convex.py. This is intended functionality for performing backend audits.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted repository data.
  • Ingestion points: Repository files and AGENTS.md processed by the scan tool.
  • Boundary markers: None explicitly defined in the prompt instructions to delineate untrusted content.
  • Capability inventory: Subprocess execution of the convex-scan utility.
  • Sanitization: No explicit sanitization or filtering is visible in the skill scripts.
  • [SAFE]: No evidence of data exfiltration, hardcoded credentials, or obfuscated code was found. The skill operates within its defined scope of backend auditing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 04:55 AM