hex-docs-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads public third‑party docs and source (SKILL.md and README state it uses the HexDocs search API at https://search.hexdocs.pm, queries hex.pm, falls back to web search/site:hexdocs.pm, and runs mix hex.docs/mix hex.package to fetch remote package docs and source), so untrusted external content is ingested and used to drive searches and actions.