xurl
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Although the GitHub and X API domains are legitimate, the presence of a raw.githubusercontent.com install.sh referenced for curl | bash installation (and an unknown GitHub user/repo) makes this a potentially suspicious download source because running an unreviewed remote install script can deliver malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime path is executing
xurlagainst X API endpoints (e.g.,xurl read/search/timeline), and the LLM ingests the returned JSON fields liketext/messagefrom those responses; those texts are authored by other users (outsider content) and thus can include free-form prompt-injection strings.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions include a runtime command that fetches and executes remote code via curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash, which is a direct remote-code execution dependency required to install the xurl CLI.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata