xurl
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes a high-risk installation command that downloads a script from an untrusted GitHub repository and pipes it directly into the shell for execution (curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash). This pattern allows for arbitrary remote code execution from a source outside the control of trusted vendors.\n- [DATA_EXFILTRATION]: The skill is designed to manage and access sensitive authentication data stored in ~/.xurl. While it provides instructions to the agent to avoid leaking this data, the use of a standardized credential storage path combined with network-capable commands creates a risk of sensitive data exposure or exfiltration.\n- [PROMPT_INJECTION]: The skill creates a significant surface for indirect prompt injection by ingesting untrusted data from the X API.\n
- Ingestion points: API responses from xurl search, xurl timeline, and xurl mentions (SKILL.md).\n
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the retrieved social media content.\n
- Capability inventory: xurl post, xurl delete, xurl follow, and xurl dm (SKILL.md).\n
- Sanitization: Absent. No validation or filtering of external content is implemented before the agent processes the retrieved text.\n- [COMMAND_EXECUTION]: The skill relies on the execution of multiple CLI commands via the xurl binary to perform account actions and data retrieval, which can be exploited if the inputs or the tool's environment are manipulated.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata