hex-docs-search

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from package documentation and source code, creating a surface for indirect prompt injection.
      • Ingestion points: Documentation and source code from deps/, .hex-docs/, .hex-packages/, and results from HexDocs API or WebSearch.
      • Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore potentially embedded instructions in the fetched data.
      • Capability inventory: The skill allows the use of Bash, WebSearch, Read, Grep, and Glob tools.
      • Sanitization: No sanitization or verification of the fetched external documentation content is performed.
  • [COMMAND_EXECUTION]: Uses the Bash tool to run mix, curl, grep, and jq for legitimate package research and searching tasks within the Elixir ecosystem.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and source code from hex.pm and search.hexdocs.pm. These are well-known official services for Elixir packages and are treated as safe sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 01:46 PM