x-reader
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill utilizes the 'bird' CLI tool, which is documented to automatically extract authentication cookies from the user's Chrome browser profile. This represents a significant credential exposure risk as it accesses private session data stored locally on the user's machine.\n- [COMMAND_EXECUTION]: The skill employs shell commands (bash) to modify system environment variables and execute external programs. Specifically, it updates the PATH and runs the 'bird' and 'curl' binaries, providing a mechanism for arbitrary command execution.\n- [PROMPT_INJECTION]: The skill reads and processes untrusted data from X/Twitter URLs, which constitutes an indirect prompt injection attack surface.\n
- Ingestion points: Twitter/X content fetched via the 'bird' CLI or the Jina Reader service (referenced in SKILL.md).\n
- Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to prevent the AI from obeying instructions embedded in the fetched content.\n
- Capability inventory: Execution of shell commands through 'bird' and 'curl'.\n
- Sanitization: Absent. The skill does not include steps to sanitize or validate the external content before it is processed by the AI.
Recommendations
- AI detected serious security threats
Audit Metadata