bird
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the @steipete/bird package from NPM or a Homebrew tap. These are external dependencies managed by a third party not included in the predefined trusted sources list.
- COMMAND_EXECUTION (LOW): The primary function of the skill is the execution of CLI commands to interact with a web service. While consistent with the skill's purpose, users should be mindful of the environment in which these commands are run.
- CREDENTIALS_UNSAFE (LOW): The tool is designed to handle sensitive authentication data, specifically browser cookies and session tokens (--auth-token, --ct0). No hardcoded secrets or evidence of exfiltration were detected, but the handling of such tokens requires careful management.
- PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection. The skill ingests untrusted data from X/Twitter (such as tweets, news, and mentions) which could contain adversarial instructions intended to influence an AI agent's behavior.
  * Ingestion points: bird read, bird search, bird news, bird mentions, and bird home.
  * Boundary markers: Absent. There are no instructions for delimiting or sanitizing the data retrieved from the CLI tool before it is processed by the agent.
  * Capability inventory: The skill provides the ability to read, search, and post content (tweets/replies), creating a possible loop for automated interactions with malicious data.
  * Sanitization: Absent. The skill does not describe methods for filtering or escaping the content retrieved from the X/Twitter GraphQL API.
Audit Metadata