xurl
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill calls the X/Twitter public API (api.twitter.com) to fetch and search user-generated tweets and profiles (see xurl.js methods like search, getTweet, getUserTweets and the SKILL.md "Search Tweets"/"Get Tweet by ID"/"Get User Tweets" commands), so untrusted third-party content could be read and then used to drive replies, posts, or other actions.
Audit Metadata