The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill recommends an installation method that executes a remote shell script directly with the user's shell permissions.
Evidence: curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash found in the installation instructions of SKILL.md.
This execution pattern is highly risky as the contents of the script are not verified before execution.
[EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of software from unverified third-party sources.
Evidence: Suggests installing packages from npm (@xdevplatform/xurl), Homebrew (xdevplatform/tap/xurl), and GitHub script downloads.
These sources originate from the xdevplatform organization which is not recognized as a trusted entity in the analysis environment.
[PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its data-processing capabilities.
Ingestion points: The skill ingests untrusted data via xurl search, xurl timeline, xurl mentions, xurl dms, and xurl read in SKILL.md.
Boundary markers: There are no instructions or delimiters implemented to separate system instructions from the content fetched from the API.
Capability inventory: The skill provides capabilities to post (xurl post), delete content (xurl delete), follow users (xurl follow), and send direct messages (xurl dm).
Sanitization: No sanitization or safety-filtering logic is described for handling the text returned from the API calls.
[COMMAND_EXECUTION]: The skill operates by executing an external CLI tool with various arguments and flags.
Evidence: Extensive use of the xurl command throughout SKILL.md for both specific social tasks and raw API access.

xurl