xurl
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation recommends installing the 'xurl' CLI utility from the '@xdevplatform' organization via npm, Homebrew, or Go. These external packages are necessary for the skill's documented CLI functionality but originate from a source not explicitly linked to the skill author.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data ingested from the X API.
  - Ingestion points: The 'xurl.js' file contains several methods (e.g., search, getTweet, getUserTweets) that fetch content from external users.
  - Boundary markers: There are no boundary markers or instructions to treat retrieved data as untrusted content, which may lead the agent to follow instructions embedded in tweets.
  - Capability inventory: The skill possesses significant account-level permissions, including posting tweets, sending direct messages, and following/unfollowing users.
  - Sanitization: Data retrieved from the API is returned as raw text and is not sanitized or filtered before being presented to the agent.