convex-runtime
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns, prompt injections, or obfuscated code were detected in the skill instructions or examples.- [DATA_EXFILTRATION] (SAFE): The skill references network communication via Convex HTTP actions and file management via Convex storage. These are standard framework operations and no hardcoded credentials or unauthorized exfiltration patterns were identified.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill facilitates the creation of surfaces that ingest untrusted data from HTTP requests and search indexes. * Evidence Chain: 1. Ingestion points:
httpActionhandlers (SKILL.md) andwithSearchIndexqueries (SKILL.md). 2. Boundary markers: None specified in prompt templates. 3. Capability inventory: Database read/write (ctx.db), File storage access (ctx.storage), and network response generation. 4. Sanitization: The instructions explicitly state that HTTP actions must parse requests manually as they do not support automated validators, shifting the responsibility of sanitization to the developer.
Audit Metadata