xurl

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends a highly dangerous installation method: curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash. This pattern executes a shell script directly from an external, untrusted source (the 'xdevplatform' GitHub organization) without any verification of the script's contents.
  • [COMMAND_EXECUTION]: The skill's primary function involves executing the xurl CLI tool and various subcommands. This grants the agent the ability to run commands that interact with external APIs and access local file system paths where the tool is installed.
  • [DATA_EXFILTRATION]: The tool manages sensitive API credentials stored in ~/.xurl. Although the skill includes explicit warnings to the agent not to read or leak this file, the tool itself requires access to these credentials to function, creating a risk surface for credential harvesting or accidental exposure through command output or logs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the following attack surface:
  • Ingestion points: Untrusted data from the X platform enters the agent context via xurl search, xurl timeline, and xurl read commands as described in SKILL.md.
  • Boundary markers: There are no delimiters or specific instructions provided to the agent to treat fetched social media content as untrusted data or to ignore embedded instructions.
  • Capability inventory: The agent has the capability to perform write actions such as xurl post, xurl follow, and xurl dm (found in SKILL.md), which could be triggered by instructions hidden in fetched tweets.
  • Sanitization: No evidence of sanitization, filtering, or validation of the external content is present.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — xurl