elixir-security-review
Warn
Audited by Socket on Feb 16, 2026
1 alert found:
Security alert, severity MEDIUM: references/code-injection.md
The file demonstrates critical insecure patterns, each accompanied by an explicit warning: Code.eval_string on caller-supplied source, :erlang.binary_to_term without the [:safe] option, and loading or calling modules named by user input. No payload is embedded, but applied to untrusted input these patterns enable remote code execution, denial of service through atom-table exhaustion (atoms are never garbage collected), and unauthorized dynamic dispatch. Adopt and enforce the safe counterparts: avoid evaluating source at all, or confine it to a sandbox; deserialize with :erlang.binary_to_term(data, [:safe]) and validate the shape of the decoded term before use; restrict dynamic calls to a fixed allowlist of module/function pairs rather than atoms derived from input; validate all input before it reaches any of these call sites. Overall, the risk is substantial and requires remediation before deployment.
Confidence: 70%
Severity: 80%
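The three flagged patterns beside hardened replacements, as an added example that is not code from the Socket audit or from the elixir-security-review package. The module names (UnsafePatterns, HardenedPatterns, Handlers), the restricted expression grammar and the allowlist table are assumptions chosen to illustrate the remediation; the crafted binary fed to the decoder is constructed inline:

```elixir
# Added example, not code from the Socket audit or from the
# elixir-security-review package. Module names, the expression grammar and
# the Handlers allowlist are illustrative assumptions. Run with: elixir file.exs

defmodule UnsafePatterns do
  # 1. Evaluating caller-supplied source runs it with the application's privileges.
  def eval_expr(source), do: elem(Code.eval_string(source), 0)

  # 2. Without [:safe], a crafted binary interns arbitrary new atoms
  #    (the atom table is never garbage collected) and decodes funs.
  def decode(bytes), do: :erlang.binary_to_term(bytes)

  # 3. The caller picks any module and function reachable in the VM.
  def dispatch(mod, fun, args),
    do: apply(String.to_atom("Elixir." <> mod), String.to_atom(fun), args)
end

defmodule Handlers do
  # Assumed target functions for the allowlisted dispatch below.
  def ping(name) when is_binary(name), do: "pong from " <> name
  def echo(value), do: value
end

defmodule HardenedPatterns do
  # 1. Never evaluate source. Parse the narrow grammar you actually need;
  #    here "<int> <op> <int>" with a fixed operator set.
  def eval_expr(source) when is_binary(source) do
    with [a, op, b] <- String.split(source, " ", trim: true),
         {x, ""} <- Integer.parse(a),
         {y, ""} <- Integer.parse(b),
         {:ok, v} <- apply_op(op, x, y) do
      {:ok, v}
    else
      _ -> {:error, :invalid_expression}
    end
  end

  defp apply_op("+", x, y), do: {:ok, x + y}
  defp apply_op("-", x, y), do: {:ok, x - y}
  defp apply_op("*", x, y), do: {:ok, x * y}
  defp apply_op(_, _, _), do: :error

  # 2. [:safe] makes decoding fail (badarg, raised as ArgumentError) on any
  #    term that would create a new atom, fun or external function reference.
  #    It says nothing about the term's shape, so the result is still
  #    pattern-matched against what the caller expects before it is used.
  def decode(bytes) when is_binary(bytes) do
    case :erlang.binary_to_term(bytes, [:safe]) do
      %{"id" => id, "name" => name} = term when is_integer(id) and is_binary(name) ->
        {:ok, term}

      _ ->
        {:error, :unexpected_shape}
    end
  rescue
    ArgumentError -> {:error, :malformed}
  end

  # 3. Map caller-visible action names to a fixed {module, function, arity}
  #    table. String.to_existing_atom/1 alone is not enough: it still lets a
  #    caller reach any module that is already loaded, such as System or File.
  @allowed %{
    "ping" => {Handlers, :ping, 1},
    "echo" => {Handlers, :echo, 1}
  }

  def dispatch(action, args) when is_binary(action) and is_list(args) do
    case Map.fetch(@allowed, action) do
      {:ok, {mod, fun, arity}} when length(args) == arity -> {:ok, apply(mod, fun, args)}
      _ -> {:error, :not_allowed}
    end
  end
end

# Constructed inputs for a stand-alone run.
IO.inspect(HardenedPatterns.eval_expr("2 * 21"), label: "eval ok")
IO.inspect(HardenedPatterns.eval_expr(~s|System.cmd("id", [])|), label: "eval rejected")

good = :erlang.term_to_binary(%{"id" => 7, "name" => "alice"})
IO.inspect(HardenedPatterns.decode(good), label: "decode ok")

# SMALL_ATOM_UTF8_EXT (tag 119) naming an atom this VM has never interned.
# The name only ever exists as a string here, so it is not in the atom table.
name = "never_interned_" <> Integer.to_string(System.unique_integer([:positive]))
evil = <<131, 119, byte_size(name), name::binary>>
IO.inspect(HardenedPatterns.decode(evil), label: "decode rejected")
IO.inspect(UnsafePatterns.decode(evil), label: "unsafe decode interns the atom")

IO.inspect(HardenedPatterns.dispatch("ping", ["client"]), label: "dispatch ok")
IO.inspect(HardenedPatterns.dispatch("cmd", ["id"]), label: "dispatch rejected")
```

The caveat worth keeping in mind is that [:safe] only refuses atoms and funs the node has not yet interned, so a term_to_binary round trip inside one VM will decode cleanly even when it carries a fun; that is why the hardened decoder still matches on the expected shape, and why the rejection above is demonstrated with a hand-built binary rather than a round trip. For Plug-based applications, Plug.Crypto.non_executable_binary_to_term/2 from the plug_crypto library additionally walks the decoded term and rejects any fun it contains.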