xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The x.com and api.x.com endpoints and the GitHub repo URL look like legitimate, low‑risk resources, but the raw.githubusercontent.com install.sh intended to be piped to bash is a direct executable script download/execute pattern (curl | bash) which is a high‑risk vector if the repo or script are malicious or compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and reads public, user-generated X content (e.g., SKILL.md commands like "xurl read", "xurl search", "xurl timeline", "xurl dms" and the "Search and engage" / "Reply to a conversation" workflows), and those third‑party posts can be interpreted by the agent and drive follow-up actions (likes, replies, reposts), enabling indirect prompt injection.