Convex Agents Playground
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions direct users to run `npx @convex-dev/agent-playground`. This involves downloading and executing a package from a source outside the predefined trusted organizations list. While typical for the Convex platform ecosystem, it represents an unverifiable dependency in this context.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The use of `npx` to run the playground utility constitutes a 'download then execute' pattern. Although this is the primary purpose of the skill (providing a development tool), it poses a risk if the package or the registry is compromised.
- [DATA_EXPOSURE] (LOW): The skill instructs users to enter Convex deployment URLs and API keys into a hosted playground at https://get-convex.github.io/agent/. While this is a common pattern for hosted developer tools, it requires trusting the hosted environment with sensitive access credentials.
- [INDIRECT_PROMPT_INJECTION] (LOW): The playground UI processes user-controlled message history and tool outputs.
  - Ingestion points: User messages and thread history displayed in the web UI.
  - Boundary markers: No specific delimiters or safety instructions are mentioned for the UI display logic.
  - Capability inventory: The playground can trigger tool calls and send messages to agents based on user input.
  - Sanitization: The documentation does not specify sanitization methods for external data rendered in the playground.