res-x

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most entries are benign tweet/article URLs (low direct-download risk), but the explicit instruction to curl-and-run https://astral.sh/uv/install.sh is a high-risk direct shell installer from an unvetted domain (no checksum/verification) and could be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated X/Twitter posts and external web articles via the xAI x_search and web_search tools (see SKILL.md and scripts/x_fetch.py — e.g., fetch_urls, _build_prompt_for_chunk, build_single_article_prompt) and returns that content for the agent to read and act on, exposing it to untrusted third-party content that could contain indirect prompt-injection.