convex-agents
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing the @convex-dev/agent, ai, and openai packages from the NPM registry. These are established tools for building AI features within the Convex ecosystem.
- [PROMPT_INJECTION]: The researchTopic workflow in convex/workflows.ts uses Retrieval Augmented Generation (RAG) which introduces a surface for indirect prompt injection.
  * Ingestion points: Data is ingested from the documents table via the agent.search function in convex/workflows.ts.
  * Boundary markers: The code uses markdown separators (---) between source materials but lacks explicit system instructions to the model to ignore any instructions found within those documents.
  * Capability inventory: The agent has the ability to generate chat responses and execute database mutations (e.g., updateStatus, completeResearch).
  * Sanitization: No sanitization or content validation is performed on the retrieved document content before it is interpolated into the research analysis prompt.