convex
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows recommended security practices for Convex development, including server-side identity verification via ctx.auth and mandatory argument/return validation.- [EXTERNAL_DOWNLOADS]: Dependencies are sourced from official registries and trusted repositories, including official Convex packages and vendor-owned configuration tools (@vllnt/eslint-config) for linting and project consistency.- [COMMAND_EXECUTION]: Shell commands provided are limited to the official Convex CLI (npx convex) and standard development utilities (e.g., openssl for secret generation), which are documented for intended backend operations.- [DATA_EXFILTRATION]: No patterns of unauthorized data access or exfiltration were found. The skill provides clear guidance on secure environment variable management using the platform's native tools rather than local files.
Audit Metadata