xfetch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs copying Twitter session cookies (auth_token and ct0) and shows CLI examples and flags that pass those tokens directly (e.g., --auth-token, --ct0, auth set), which requires the agent to include secret cookie values verbatim in generated commands or outputs.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Moderately suspicious: the GitHub repo and X status link are plausible sources, but installing an unvetted npm CLI and being asked to supply Twitter session cookies (auth_token/ct0) creates a meaningful risk of credential exfiltration or distribution of malicious code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows xfetch scrapes public X/Twitter content (tweets, profiles, search results, timelines) from x.com using cookie-based auth, which is untrusted user-generated third-party content that the agent fetches and processes as part of its workflow.