skills/steipete/agent-scripts/xurl/Gen Agent Trust Hub

xurl

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash. Piping remote content directly into a shell is a dangerous pattern that allows for arbitrary code execution on the user's system without prior review, especially when originating from unverified repositories.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and metadata reference several external sources for downloading the xurl binary, including Homebrew (xdevplatform/tap/xurl), NPM (@xdevplatform/xurl), and direct GitHub script downloads. These resources belong to the xdevplatform organization, which is not a recognized or trusted service provider.
  • [COMMAND_EXECUTION]: The skill is built around executing a wide array of system commands via the xurl CLI. This includes administrative tasks like xurl auth and operational tasks like xurl post, xurl media upload, and xurl dm. This grants the agent significant autonomy to modify account state and interact with external APIs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from the X platform, which can contain malicious instructions intended to manipulate the agent's behavior.
      • Ingestion points: Data enters the agent context through commands like xurl search, xurl timeline, xurl read, and xurl mentions (referenced in SKILL.md).
      • Boundary markers: The instructions lack delimiters or specific warnings to the agent to treat the retrieved social media content as untrusted data.
      • Capability inventory: The agent has the capability to write back to the platform (xurl post, xurl reply), upload media, and execute shell commands.
      • Sanitization: There is no evidence of sanitization or filtering applied to the data fetched from the X API before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 06:37 AM