Skills
skills/vinnie357/claude-skills/phoenix-framework/Gen Agent Trust Hub

phoenix-framework

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the tidewave and igniter packages from the Hex package registry, which are standard components for the Elixir/Phoenix ecosystem.
  • [COMMAND_EXECUTION]: Provides instructions for the user to run shell commands for project generation (mix phx.gen.context) and agent configuration (claude mcp add) to set up the development environment.
  • [REMOTE_CODE_EXECUTION]: Promotes the use of Tidewave's project_eval and execute_sql_query tools, which allow the agent to execute Elixir code and SQL within the local application runtime for debugging and introspection. The skill explicitly warns that these tools are for development only and should not be used in production.
  • [PROMPT_INJECTION]: Establishing a connection to live application logs and database content via Tidewave creates an indirect prompt injection surface.
  • Ingestion points: get_logs, execute_sql_query (referenced in references/tidewave.md).
  • Boundary markers: Absent in the description of tool outputs.
  • Capability inventory: project_eval, execute_sql_query, get_ecto_schemas (referenced in references/tidewave.md).
  • Sanitization: The skill explicitly recommends Phoenix best practices for input validation and sanitization using Ecto changesets (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 01:24 AM