convex-backend
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions to override system prompts, bypass safety filters, or disclose internal instructions were found. The 'Key Rules' are legitimate framework constraints.
- [DATA_EXFILTRATION] (SAFE): No network operations, hardcoded credentials, or access to sensitive file paths (e.g., .env, .ssh) are present in the snippets.
- [EXTERNAL_DOWNLOADS] (SAFE): No remote script execution (curl|bash) or unverifiable package installations are defined.
- [OBFUSCATION] (SAFE): No Base64, zero-width characters, or homoglyph-based evasion techniques were detected.
- [INDIRECT_PROMPT_INJECTION] (INFO): The skill defines an attack surface (Convex Actions for external API calls), but it does not implement any ingestion logic for untrusted data within this file. The instructions are static guidelines for the agent's reasoning.
Audit Metadata