Convex Agents Messages

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (LOW): The skill relies on the @convex-dev/agent package to interact with the Convex backend. Although this package is fundamental to the skill's primary functionality, it is not hosted by an organization on the trusted repository list. Severity is reduced from MEDIUM to LOW as it is a core requirement for the intended use case.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user data that could contain malicious instructions for the agent.
      • Ingestion points: The prompt argument in the saveUserMessage mutation in SKILL.md.
      • Boundary markers: Not present in the provided code snippets.
      • Capability inventory: Database read, write, and delete operations via the Convex agent SDK.
      • Sanitization: No sanitization or validation of the message content is demonstrated.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM