bird-fast
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @steipete/bird package via npm, pnpm, or bun, and also supports installation via a Homebrew tap from an external repository.- [DATA_EXFILTRATION]: The bird CLI tool extracts sensitive session data (auth_token and ct0 cookies) directly from browser databases on the local file system. This allows the tool to impersonate the user's Twitter session without using official OAuth flows.- [COMMAND_EXECUTION]: The skill automates Twitter actions by executing shell commands through the bird CLI, including posting content and searching for information.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from an external platform.
- Ingestion points: Content is retrieved via bird read, bird search, bird thread, and bird mentions (SKILL.md).
- Boundary markers: There are no delimiters or instructions provided to the agent to ignore embedded commands in the retrieved tweet content.
- Capability inventory: The skill has the ability to post new content or replies using bird tweet and bird reply (SKILL.md).
- Sanitization: No validation or filtering mechanisms are mentioned for the data fetched from X/Twitter.
Audit Metadata