phoenix-framework

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [Remote Code Execution] (HIGH): The project_eval tool allows the AI agent to execute arbitrary Elixir code within the running application runtime. (File: references/tidewave.md)
  • [Command Execution] (HIGH): The execute_sql_query tool enables direct SQL execution against the application's database. (File: references/tidewave.md)
  • [Data Exposure & Exfiltration] (MEDIUM): The get_logs tool exposes server logs, which may contain sensitive runtime data or environment secrets. (File: references/tidewave.md)
  • [Unverifiable Dependencies] (MEDIUM): The installation process requires downloading packages from Hex (tidewave, igniter_new), which are not in the trusted source list. (File: references/tidewave.md)
  • [Prompt Injection] (LOW): The skill provides instructions for CLAUDE.md that guide the AI to use these high-privilege tools, potentially bypassing safety context. (File: references/tidewave.md)
  • [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect injection if the AI processes malicious content from logs or database records. Evidence: 1. Ingestion points: get_logs, execute_sql_query. 2. Boundary markers: Absent. 3. Capability inventory: project_eval. 4. Sanitization: Absent. (File: references/tidewave.md)

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 04:24 PM