skills/qdhenry/foundry-oss/convex-agents/Snyk

convex-agents

Warn

Audited by Snyk on Jun 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The workflow ingests outsider-authored free text via the sendMessage action’s args.message (user-provided chat input) into the agent’s LLM context as messages: [{ role: "user", content: args.message }], which is not authored by the operating user’s system prompts/files but by an external party at runtime.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 21, 2026, 10:02 AM

Issues

1

Security Audit — snyk — convex-agents