xurl

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The presence of a direct raw GitHub shell script (https://raw.githubusercontent.com/.../install.sh) and an explicit curl | bash install instruction is a high‑risk pattern for distributing malware even though the repo and API/X URLs themselves look like normal project and API links.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and read user-generated public X content (e.g., xurl read, xurl search, xurl timeline, xurl mentions and the "Search and engage" / "Reply to a conversation" workflows) and then perform actions (like/reply/repost), so untrusted third-party posts can materially influence tool use and next actions.