convex-self-hosting
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs the agent to clone a repository from 'https://github.com/get-convex/convex-backend' and pull Docker images from 'ghcr.io/get-convex/convex-backend'. Neither source is within the Trusted GitHub Organizations or Repositories list defined in the security policy.
- REMOTE_CODE_EXECUTION (HIGH): By cloning a repository and immediately running 'docker compose up', the skill performs a 'download then execute' pattern on third-party code. This is a high-risk operation as the contents of the repository and Docker images are not verified by this skill's static definition.
- COMMAND_EXECUTION (HIGH): The skill requires the agent to execute several powerful system commands, including 'docker compose exec', 'openssl', and 'npx convex'. Specifically, it invokes './generate_admin_key.sh' inside a container, which is an opaque execution step.
- DYNAMIC_EXECUTION (MEDIUM): The skill provides a template for a custom bash entrypoint script ('convex-backend-entrypoint.sh') that is generated and then executed as the container entrypoint. This involves dynamic environment variable interpolation and script generation.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill is a configuration guide, it sets up an environment that will ingest external data (authentication tokens, API requests). However, the risk is currently limited to the deployment phase rather than a runtime parsing vulnerability in the skill itself.
Recommendations
- AI detected serious security threats