tidewave-integration

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the mcp__tidewave__project_eval tool, which permits the execution of arbitrary Elixir code within the application's runtime context. Examples include inspecting process states using :sys.get_state(pid) and accessing application environment variables via Application.get_env, which could reveal sensitive configuration details.
  • [DATA_EXFILTRATION]: Through the mcp__tidewave__execute_sql_query tool, the agent is granted the ability to execute raw SQL queries against the project's database. This facilitates the retrieval of any stored data, including potentially sensitive user information, credentials, or internal configuration data. Additionally, mcp__tidewave__get_logs allows the agent to ingest application logs, which often contain PII or session tokens in development environments.
  • [REMOTE_CODE_EXECUTION]: The mcp__Tidewave-Web__browser_eval tool provides the capability to execute arbitrary JavaScript within a browser context. This can be used to exfiltrate data from the DOM or perform actions on behalf of a user in an active web session.
  • [PROMPT_INJECTION]: The skill establishes a significant vulnerability surface for Indirect Prompt Injection through its 'Proactive Runtime Patterns'.
    1. Ingestion points: Untrusted data enters the agent context via application logs (mcp__tidewave__get_logs), database records (mcp__tidewave__execute_sql_query), and source code metadata (mcp__tidewave__get_docs).
    2. Boundary markers: None are present; the instructions do not advise the agent to disregard instructions embedded within ingested runtime data.
    3. Capability inventory: The agent has access to project_eval (code execution), execute_sql_query (database mutation/read), and browser_eval (JS execution).
    4. Sanitization: No sanitization or validation of external content is mentioned before it is interpolated into tool calls or analysis tasks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 12, 2026, 09:45 PM