xurl
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation section suggests a command that downloads and executes a shell script directly from a remote URL:
curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash. This 'pipe to shell' pattern is dangerous because it executes unverified code with the user's privileges. - [EXTERNAL_DOWNLOADS]: The skill references and installs software from several external package managers and repositories, including Homebrew (
xdevplatform/tap/xurl), NPM (@xdevplatform/xurl), and GitHub (github.com/xdevplatform/xurl). - [PROMPT_INJECTION]: The skill processes untrusted data from the X API, making it vulnerable to indirect prompt injection where malicious content in tweets or messages could influence the agent's behavior.
- Ingestion points: Data returned from
search,read,mentions,timeline, anddmscommands. - Boundary markers: Absent. There are no instructions to the agent to treat API output as untrusted or to wrap it in delimiters.
- Capability inventory: The tool has broad capabilities to post, reply, follow, block, and send DMs, which could be abused if an injection is successful.
- Sanitization: Absent. The skill does not suggest any filtering or validation of the text content returned from the API.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
Audit Metadata