bird
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill describes handling X/Twitter authentication cookies (auth_token, ct0) and provides instructions for extracting them from browser profile directories or configuration files.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the @steipete/bird package from npm and the steipete/tap/bird formula from Homebrew, which are external dependencies.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Fetches data from X/Twitter via commands such as bird read, bird thread, and bird search (SKILL.md).
  - Boundary markers: No specific delimiters or ignore instructions are provided for external content.
  - Capability inventory: Includes writing capabilities through the bird tweet and bird reply commands (SKILL.md).
  - Sanitization: No sanitization or filtering of the fetched external content is mentioned.
Audit Metadata