The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill requires external Node.js packages @convex-dev/agent and @convex-dev/rag. These are third-party dependencies necessary for the skill's functionality within the Convex ecosystem.
[PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The answerWithContext action interpolates untrusted data from both the search results and the user's query directly into a prompt template.
Ingestion points: The question parameter in answerWithContext and the text parameter in addContent (SKILL.md).
Boundary markers: Employs basic Markdown headers (# Context:, # Question:) as delimiters. These may be insufficient to prevent sophisticated injection attacks embedded within the documents or the query itself.
Capability inventory: The resulting prompt is passed to thread.generateText to produce an LLM response.
Sanitization: No sanitization, escaping, or length validation of the context or question strings is performed before interpolation into the augmentedPrompt string.

Convex Agents RAG