bird

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The MacOS install line includes a base64-encoded payload piped to bash (and the Windows link points to a passworded zip), which hides and instructs execution of remote code—a deceptive/hidden instruction outside the advertised "bird" CLI purpose.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — both are suspicious: the GitHub release is a password‑protected ZIP from an untrusted/unknown account distributing a Windows package, and the other is an obfuscated/base64 command that curls and pipes a script from an IP/domain (classic malware distribution pattern).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains an obfuscated/macOS installer that base64-decodes and executes a shell command which curls and runs a script from a raw IP address (remote code execution / supply-chain vector), indicating a high risk of malicious behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and searches X/Twitter content (via commands like bird read <url-or-id>, bird thread, and bird search), which ingests untrusted, user-generated social media posts from public third-party sources that the agent will read and interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs the user/agent to download and execute a remote installer (curl/base64|bash and running an extracted provider), which would modify the host system and can run with elevated effects even though it doesn't explicitly request sudo, so it poses a significant risk to the machine state.