bird

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and encourages passing cookie secrets on the command line (e.g., --auth-token / --ct0), which requires the agent to accept and embed secret cookie values verbatim in commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and displays public, user-generated content from X/Twitter (e.g., via commands like "bird read", "bird thread", "bird replies", "bird search", "bird home", and "bird news --with-tweets"), so the agent will ingest and interpret untrusted third-party posts and replies fetched from the open web.