Convex Agents Tools

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill enables autonomous tool calling based on untrusted user input, creating a surface for indirect prompt injection.
      • Ingestion points: The request parameter in the autonomousAgent action in SKILL.md is passed directly to the LLM.
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are present in the provided code snippet.
      • Capability inventory: The example tool getUserDataTool allows database read access (ctx.runQuery).
      • Sanitization: The skill demonstrates the use of Zod (z.string().email()) for strict schema validation and description-based constraints on tool arguments, which mitigates basic injection attempts into the tool parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM