xurl
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends a highly dangerous installation method:
curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash. This pattern executes a shell script directly from an external, untrusted source (the 'xdevplatform' GitHub organization) without any verification of the script's contents. - [COMMAND_EXECUTION]: The skill's primary function involves executing the
xurlCLI tool and various subcommands. This grants the agent the ability to run commands that interact with external APIs and access local file system paths where the tool is installed. - [DATA_EXFILTRATION]: The tool manages sensitive API credentials stored in
~/.xurl. Although the skill includes explicit warnings to the agent not to read or leak this file, the tool itself requires access to these credentials to function, creating a risk surface for credential harvesting or accidental exposure through command output or logs. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the following attack surface:
- Ingestion points: Untrusted data from the X platform enters the agent context via
xurl search,xurl timeline, andxurl readcommands as described inSKILL.md. - Boundary markers: There are no delimiters or specific instructions provided to the agent to treat fetched social media content as untrusted data or to ignore embedded instructions.
- Capability inventory: The agent has the capability to perform write actions such as
xurl post,xurl follow, andxurl dm(found inSKILL.md), which could be triggered by instructions hidden in fetched tweets. - Sanitization: No evidence of sanitization, filtering, or validation of the external content is present.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata