Skills
skills/sstobo/convex-skills/Convex Agents Files/Gen Agent Trust Hub

Convex Agents Files

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill handles user-provided media and document data that is subsequently processed by an AI agent, creating a potential vector for malicious instructions embedded within processed files.
  • Ingestion points: uploadFile (via fileData) and analyzeImageInline (via imageData) in SKILL.md.
  • Boundary markers: Absent; user-provided data is interpolated directly into message content objects without delimiters or instructions to ignore embedded content.
  • Capability inventory: Includes thread.generateText, storeFile, and generateImage (DALL-E integration).
  • Sanitization: No evidence of content scanning, structural validation, or instruction stripping from the file data before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:17 PM