bird
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to extract and utilize sensitive authentication credentials. It explicitly references using cookies via flags like
--auth-tokenand--ct0, and encourages pointing the tool to local browser profile directories (e.g.,--chrome-profile-dir) to extract session data. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from third-party sources not included in the trusted vendors list. This includes the Homebrew formula
steipete/tap/birdand the NPM package@steipete/bird. - [COMMAND_EXECUTION]: The skill relies on executing the
birdbinary on the host system. This binary performs filesystem operations (reading browser cookie databases) and network requests based on user-provided arguments. - [PROMPT_INJECTION]: The skill acts as a vector for indirect prompt injection by ingesting untrusted data from X/Twitter.
- Ingestion points: Content is retrieved from the platform via commands like
bird read,bird search,bird home, andbird mentions. - Boundary markers: The skill lacks explicit instructions or markers to distinguish between retrieved social media content and system instructions.
- Capability inventory: The skill possesses the ability to post content (
bird tweet), modify account state (bird follow), and access local browser data. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external social media feeds before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata