xurl

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Although the GitHub and X API domains are legitimate, the presence of a raw.githubusercontent.com install.sh referenced for curl | bash installation (and an unknown GitHub user/repo) makes this a potentially suspicious download source because running an unreviewed remote install script can deliver malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s runtime path is executing xurl against X API endpoints (e.g., xurl read/search/timeline), and the LLM ingests the returned JSON fields like text/message from those responses; those texts are authored by other users (outsider content) and thus can include free-form prompt-injection strings.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions include a runtime command that fetches and executes remote code via curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash, which is a direct remote-code execution dependency required to install the xurl CLI.

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 06:06 AM
Issues
3
Security Audit — snyk — xurl