xurl
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install its primary dependency using a highly dangerous command: `curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash`. This pattern allows for the execution of arbitrary remote code on the host machine. The source repository is not associated with the skill author or any trusted organizations, posing a severe risk if the script is modified maliciously.
- [EXTERNAL_DOWNLOADS]: The skill depends on the `xurl` binary, which it suggests downloading from several unverified third-party locations, including the `xdevplatform/tap` Homebrew tap and the `@xdevplatform/xurl` NPM package. These sources are not recognized as trusted vendors and lack cryptographic verification mechanisms in the provided instructions.
- [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection as it retrieves and processes untrusted data from the X API (e.g., posts, search results, and DMs).
  - Ingestion points: Commands such as `xurl search`, `xurl read`, and `xurl mentions` in `SKILL.md` bring external user-generated content into the LLM's context.
  - Boundary markers: There are no boundary markers or explicit instructions to ignore potentially malicious directions embedded in the social media content.
  - Capability inventory: The skill allows the agent to perform write operations (posting, deleting, following) and execute shell commands, which could be abused if an injection attack succeeds.
  - Sanitization: No sanitization or validation logic is defined to inspect the content retrieved from the X API before it is interpreted by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata