Skills
skills/sstobo/convex-skills/Convex Agents Streaming/Gen Agent Trust Hub

Convex Agents Streaming

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill provides patterns for handling user prompts that create an attack surface for indirect prompt injection.\n
  • Ingestion points: The streamResponse action in SKILL.md accepts a prompt argument from the user.\n
  • Boundary markers: No delimiters or safety instructions are included in the code examples to isolate user input from agent instructions.\n
  • Capability inventory: The skill uses @convex-dev/agent for streaming; it does not involve subprocess execution, file-writing, or network requests to external domains.\n
  • Sanitization: There is no evidence of input sanitization or validation in the provided code snippets.\n- [Data Exposure & Exfiltration] (SAFE): No credentials or sensitive data access patterns identified.\n- [Remote Code Execution] (SAFE): No remote code execution or dynamic code evaluation detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:18 PM