xray

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs generating and embedding credentials (UUIDs, X25519 privateKey, passwords, share links containing UUIDs/public keys) into configs and client links, which requires the LLM to handle and output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub link to an install shell script that would be fetched and executed; although it appears to come from the known XTLS/Xray-install repo, running remote .sh files is a high supply‑chain risk (can distribute malware if the repo or account is compromised or the script is malicious).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and execute a public GitHub raw install script (Step 1: curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh) and to interact with public services like Certbot/Let’s Encrypt, meaning it ingests untrusted third‑party content that can materially change actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" which fetches and executes a remote install script at runtime (https://github.com/XTLS/Xray-install/raw/main/install-release.sh), making it a required external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs installing software, editing system configuration files (e.g. /usr/local/etc/xray, /etc/letsencrypt), running package installs, enabling services with systemctl, and changing firewall rules — all privileged operations that modify the machine's state and require elevated privileges.