integrating-convex-expo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the user to execute standard CLI tools like
npx convexandnpx expo. It includes local Python scripts for project validation and scaffolding that perform file system operations (writing boilerplate code) but do not execute untrusted code or perform network operations.- [PROMPT_INJECTION]: While the skill includes a validation script that reads local configuration files likepackage.json, it performs only static analysis via regex to report configuration status. This represents a safe ingestion of local data with no impact on agent instruction integrity.- [SAFE]: All external references and dependencies target well-known and trusted organizations, including the official documentation for Expo and Convex. No patterns for data exfiltration, obfuscation, or unauthorized privilege escalation were detected.
Audit Metadata