last30days
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing a local Python engine (
scripts/last30days.py) and various sub-scripts. It usessubprocess.runto call external binaries likenode(for vendored Twitter search) andyt-dlp(for YouTube data). - [COMMAND_EXECUTION]: Implementation plans in
docs/plans/2026-02-03-bird-cli-implementation.mddescribe a functioninstall_bird()that executesnpm install -g @steipete/bird, which attempts to perform a global package installation on the host system. - [CREDENTIALS_UNSAFE]: The skill is designed to read and use local browser cookies (Safari, Chrome, Firefox) to authenticate requests to the X (Twitter) GraphQL API. This behavior, while intended for functionality, involves accessing sensitive user session data.
- [EXTERNAL_DOWNLOADS]: The skill connects to multiple external APIs, including
api.openai.com,api.x.ai,hn.algolia.com,gamma-api.polymarket.com,api.search.brave.com,api.parallel.ai, andopenrouter.aito transmit search queries and retrieve data. - [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection.
- Ingestion points: It retrieves and processes untrusted data from Reddit threads, Hacker News comments, X posts, and auto-generated YouTube transcripts (orchestrated in
last30days.pyandyoutube_yt.py). - Boundary markers: Output from research scripts uses Markdown headers (e.g.,
### YouTube Videos) to separate sources, but the synthesis instructions inSKILL.mdencourage the agent to internalize all content. - Capability inventory: The agent has access to
Bash,Write, andWebSearchtools, which could be exploited if malicious instructions are processed from the research results. - Sanitization: No explicit sanitization or filtering of the retrieved content is described before it is passed to the agent for synthesis.
Audit Metadata