phoenix-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Tidewave MCP documentation (references/tidewave.md) explicitly documents a tool "search_package_docs" that queries hexdocs.pm (a public website) and instructs the agent to use get_docs/search_package_docs as part of its workflow, meaning the agent will fetch and interpret external, third‑party documentation that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs AI tooling to connect at runtime to the Tidewave MCP HTTP endpoint (http://localhost:4000/tidewave/mcp), which exposes MCP tools such as project_eval that execute code and can directly influence agent behavior.