convex
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill relies on `npx` to fetch and run the Convex CLI and MCP server (`npx -y convex@latest mcp start`). While these are industry-standard tools, they involve runtime code execution from external sources (npm registry).
- COMMAND_EXECUTION (LOW): The skill provides the agent with instructions to run powerful backend management commands (e.g., `npx convex dev`, `npx convex run`). This is essential for the skill's utility but constitutes a high-privilege capability tier.
- CREDENTIALS_UNSAFE (LOW): The `references/cli.md` file identifies the location of sensitive authentication tokens at `~/.convex/config.json`. While the skill does not explicitly exfiltrate these, their exposure in the documentation increases the risk if the agent is manipulated. The skill also provides tools for manipulating environment variables (`convex_envSet`).
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Data enters the agent's context through `convex_logs`, `convex_data`, and `convex_runOneoffQuery`.
  - Boundary markers: No specific delimiters or instructions to treat tool output as untrusted are present in the router or templates.
  - Capability inventory: The agent can execute functions (`convex_run`), modify environment variables (`convex_envSet`), and deploy code (`npx convex deploy`).
  - Sanitization: There is no evidence of sanitization or filtering of external data before it is processed by the agent.
Audit Metadata