xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The presence of a raw.githubusercontent.com/install.sh that the skill tells users to curl | bash is a high‑risk pattern (remote shell script execution) unless the GitHub repo (https://github.com/xdevplatform/xurl) is verified and reviewed; the repo link itself is neutral-to-low risk if well-established, and the http://localhost:8080/callback URI is benign for OAuth redirects.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs use of xurl commands that fetch and read public, user-generated X (Twitter) content (e.g., "xurl read", "xurl search", "xurl timeline", streaming endpoints like "/2/tweets/search/stream"), which would cause the agent to ingest untrusted third-party posts that could influence its actions.