convex
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill uses instructional language consistent with technical documentation. No patterns of 'ignore previous instructions', 'bypass', or 'DAN' were detected.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials (API keys, tokens) or unauthorized network calls were found. The code snippets correctly demonstrate using
ctx.authfor identity verification. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard
convexlibraries. An example usingfetchto an external API is provided within the context of a Convex 'action', which is the platform's standard way to handle side effects, and is not considered a security risk in this instructional context. - [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving piping remote scripts to shells or the use of unsafe execution functions like
eval()orexec().
Audit Metadata