xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub repo and package-manager install options are generally low-risk, but the raw.githubusercontent.com install.sh and the instruction to curl | bash pose a notable risk because executing a remote shell script can deliver malware; http://localhost:8080/callback is just an OAuth redirect and not a download.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs use of xurl commands that fetch and read public, user-generated X (Twitter) content (e.g., "xurl read", "xurl search", "xurl timeline", streaming endpoints like "/2/tweets/search/stream"), which would cause the agent to ingest untrusted third-party posts that could influence its actions.