phoenix-framework

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill's Tidewave MCP tools (references/tidewave.md and SKILL.md) instruct the agent to use tools like search_package_docs (which queries hexdocs.pm/public package docs) and get_docs via the MCP endpoint (http://localhost:4000/tidewave/mcp), meaning the agent will fetch and interpret external public documentation that can influence execution and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). Flagging http://localhost:4000/tidewave/mcp because the skill instructs connecting an AI assistant to the Tidewave MCP endpoint at runtime (via "claude mcp add ... http://localhost:4000/tidewave/mcp") which exposes tools like project_eval that execute Elixir code in the running application.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). This skill instructs adding and exposing the Tidewave MCP dev tools (including project_eval and execute_sql_query) and connecting an AI to the running app, which enables remote execution of Elixir code and SQL against the host and thus can be used to modify the machine state even if intended for dev/local use.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 04:25 PM