convex-create-component
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the user to use standard development commands including
npx convex devandnpx convex codegen. These are official tools used for code generation and local development in the Convex ecosystem. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill ingest user requirements to generate Convex component code (SKILL.md).
- Boundary markers: No explicit boundary markers or 'ignore' instructions are used for the generated code blocks.
- Capability inventory: The generated code is intended to be executed via
npx convex dev(SKILL.md). - Sanitization: No specific sanitization of user input is implemented before code generation.
- Analysis: Although the skill generates code based on user input, this is the primary intended purpose of the development tool. The instructions emphasize creating clear boundaries and using app-side wrappers for client access, which mitigates typical injection risks.
Audit Metadata