bird
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions for executing the `bird` command-line utility. This includes parameters for accessing browser profile directories (`--chrome-profile-dir`) and configuration files (`~/.config/bird/config.json5`) to extract session cookies for authentication.
- [EXTERNAL_DOWNLOADS]: The skill metadata and documentation specify the installation of external software packages from the npm registry (`@steipete/bird`) and Homebrew (`steipete/tap/bird`). These are used to provide the core functionality of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources (X/Twitter tweets, replies, and search results).
  - Ingestion points: Data enters the agent context through commands like `bird read`, `bird thread`, `bird home`, and `bird search`.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded commands within the fetched social media content.
  - Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, such as posting content (`bird tweet`), replying to users (`bird reply`), and modifying the social graph (`bird follow`).
  - Sanitization: No sanitization or filtering of the fetched social media content is described in the skill instructions.
Audit Metadata