last30days
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains logic to automatically access and read sensitive browser cookie databases to extract authentication tokens for X (Twitter). * Evidence: scripts/lib/bird_x.py executes a Node.js script that uses @steipete/sweet-cookie to read databases from ~/Library/Cookies/ (Safari), ~/Library/Application Support/Google/Chrome/ (Chrome), and ~/Library/Application Support/Firefox/ (Firefox).
- [CREDENTIALS_UNSAFE]: The skill reads the OpenAI Codex authentication file to obtain access tokens and account IDs. * Evidence: scripts/lib/env.py reads ~/.codex/auth.json.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run complex Python scripts that further manage subprocesses for data collection. * Evidence: SKILL.md invokes python3 scripts/last30days.py.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from multiple social platforms and incorporates it into the agent context without boundary markers. * Ingestion points: scripts/last30days.py (collects data from external APIs). * Boundary markers: Absent. * Capability inventory: Bash, Write, AskUserQuestion, WebSearch. * Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill bundles third-party Node.js code and dependencies within its directory structure. * Evidence: scripts/lib/vendor/bird-search/ contains a vendored subset of the bird CLI tool.
- [DATA_EXFILTRATION]: Research topics and search queries are sent to multiple third-party API endpoints. * Evidence: api.scrapecreators.com, api.openai.com, api.x.ai, hn.algolia.com, gamma-api.polymarket.com.
Recommendations
- AI detected serious security threats
Audit Metadata