build-convex
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions use positional arguments ($0) directly in shell commands (e.g., 'mvn test -pl $0'). This allows for command injection if a user provides input containing shell metacharacters.
- [COMMAND_EXECUTION]: The use of hardcoded absolute paths such as 'C:/Users/mike_/git/convex' reveals the local username and directory structure to the agent context.
Audit Metadata