convex-file-system
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify installing the
convex-fspackage via npm. This is a legitimate dependency required for the core functionality of the file system component. - [DATA_EXFILTRATION]: The skill facilitates the transfer of file data to bunny.net storage zones. This is the primary intended purpose of the skill and utilizes well-known storage infrastructure. All credentials for this service are managed through environment variables rather than hardcoded values.
- [PROMPT_INJECTION]: The skill manages external data via file uploads, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the system context through the
/fs/uploadHTTP route as blob data. - Boundary markers: The skill does not implement specific boundary markers for file content, as it handles data as opaque binary blobs.
- Capability inventory: The skill possesses the capability to write, move, copy, and delete files on the storage backend through methods like
fs.writeFile,fs.move, andfs.delete. - Sanitization: Access control and data validation are handled by developer-implemented hooks (
uploadAuthanddownloadAuth), allowing for robust verification of user identities and data permissions.
Audit Metadata