tidewave

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP workflow explicitly includes "search_package_docs" which queries hexdocs.pm (a public third‑party documentation site) and instructs the agent to use get_docs/search_package_docs as part of its decision and code-execution workflow, so external, public documentation could meaningfully influence actions.