skills/jst-well-dan/skill-box/xurl/Gen Agent Trust Hub

xurl

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: CRITICAL

REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: Installation instructions include a command that downloads a shell script from a remote URL and pipes it directly into the bash interpreter (curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash). This executes remote code from an untrusted repository without prior verification or checksum validation.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the xurl CLI tool from several external, unverified sources including a third-party Homebrew tap (xdevplatform/tap/xurl), an npm package (@xdevplatform/xurl), and a Go package (github.com/xdevplatform/xurl).
  • [COMMAND_EXECUTION]: The skill relies on the execution of the xurl binary. This allows the agent to perform actions like posting, replying, and accessing raw API endpoints, which could be manipulated to perform unintended actions if the agent is compromised.
  • [DATA_EXFILTRATION]: The skill references and interacts with sensitive credentials stored in ~/.xurl. Although the documentation instructs the agent not to expose this file, the capability to read it exists, creating a risk of credential exposure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted data from the X platform (tweets, DMs, search results).
      • Ingestion points: Untrusted content enters the system through xurl read, xurl search, xurl timeline, xurl mentions, and xurl dms in SKILL.md.
      • Boundary markers: No specific delimiters are defined in SKILL.md to separate untrusted platform content from the agent's instructions.
      • Capability inventory: The skill can perform state-changing actions such as posting, following, and raw API calls in SKILL.md.
      • Sanitization: There is no evidence of sanitization or escaping of the retrieved content before it is processed by the agent in SKILL.md.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 06:54 AM