Skills
skills/sebastiaanwouters/dotagents/convex/Gen Agent Trust Hub

convex

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): The chat application example in references/chat-app-example.md is vulnerable to Indirect Prompt Injection.
  • Ingestion points: User-provided content is ingested via the sendMessage mutation in convex/index.ts and stored in the database.
  • Boundary markers: Absent. In the loadContext function, user messages are interpolated into strings (e.g., user.name: message.content) and passed directly to the OpenAI API without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has database write capabilities via ctx.runMutation and can perform external network requests to OpenAI.
  • Sanitization: Absent. The implementation does not filter, escape, or validate the user-generated content before processing it with the LLM.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, well-known software packages in its example configuration.
  • Evidence: package.json specifies convex and openai (a trusted organization).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:23 PM