xbird

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and interprets public Twitter/X user-generated content (tweets, timelines, search results) via its MCP/REST/ACP tools (see skills/xbird/tools.md and skills/xbird-rest-api/endpoints.md and SKILL.md) and then uses those results to drive actions (e.g., search_tweets → like_tweet/retweet), so untrusted third‑party content can materially influence agent behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly installs/runs external packages at runtime (e.g., "npx @checkra1n/xbird" / "bunx @checkra1n/xbird"), which fetches and executes remote code from the npm package page https://www.npmjs.com/package/@checkra1n/xbird (and the linked repo https://github.com/checkra1neth/xbird), making it a required runtime dependency that executes external code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly creates a payment wallet and advertises "x402 micropayments" and per-action pricing (Read $0.001, Search $0.005, etc.). It auto-generates a wallet on first run — i.e., a crypto/payment wallet capability — which falls under "Crypto/Blockchain (Wallets...)" in the core rule. That indicates the skill is specifically designed to perform or enable financial transactions (micropayments), not just generic API calls or browser automation. Therefore it grants direct financial execution capability.