em-capture-idea
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution using the
birdCLI tool to interact with Twitter and fetch news data. Commands used includebird bookmarks,bird read,bird unbookmark, andbird trending. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external CLI tool (
bird) from a third-party Homebrew tap (steipete/tap/bird). While this is the intended mechanism for the skill's functionality, it introduces a dependency on an external source not managed by the skill author or a trusted vendor. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external URLs and social media posts which could contain malicious instructions.
- Ingestion points: Untrusted data enters the context through URLs, tweet content, and news/trending topic descriptions (Flows A, B, and C in SKILL.md).
- Boundary markers: The skill does not implement delimiters or safety warnings to prevent the agent from executing instructions found within the captured content.
- Capability inventory: The agent has the capability to execute shell commands (via the
birdtool) and perform file-write operations to the user's Obsidian vault. - Sanitization: No sanitization or content validation is performed on the external data before it is analyzed and saved.
Audit Metadata