convex-actions-general

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and processes user-provided/untrusted content — e.g., the chat example in convex/messages.ts reads user messages and image uploads from the database/storage (ctx.db / ctx.storage.getUrl) and the HTTP endpoint in convex/http.ts accepts arbitrary webhook payloads, and an action (generateResponse) loads context from the DB and sends it to OpenAI, so the agent reads and acts on untrusted third-party content.