xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes a raw GitHub-hosted install.sh recommended to be run via "curl ... | bash" (direct download-and-execute of an unverified shell script) and a third-party GitHub repo of unclear reputation, which are high‑risk distribution vectors even though the other links (tweet and API endpoint) are benign — verify the repo/maintainer and inspect the script before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and reads public, user-generated X content (e.g., SKILL.md commands like "xurl read", "xurl search", "xurl timeline", "xurl dms" and the "Search and engage" / "Reply to a conversation" workflows), and those third‑party posts can be interpreted by the agent and drive follow-up actions (likes, replies, reposts), enabling indirect prompt injection.