xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Domains (github.com, raw.githubusercontent.com, x.com, api.x.com) are legitimate, but the presence of a raw.githubusercontent.com install.sh intended to be curl‑| bash from an otherwise not‑widely‑known GitHub repo makes this a potentially risky download vector — executing remote shell scripts and installing packages from an unknown account can distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and reads public, user-generated X content (e.g., SKILL.md commands like "xurl read", "xurl search", "xurl timeline", "xurl dms" and the "Search and engage" / "Reply to a conversation" workflows), and those third‑party posts can be interpreted by the agent and drive follow-up actions (likes, replies, reposts), enabling indirect prompt injection.