bird
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
birdCLI tool from a third-party Homebrew tap (steipete/tap/bird). This source is not listed as a trusted vendor, and the integrity of the downloaded binary is not verified within the skill's instructions. - [CREDENTIALS_UNSAFE]: The tool is designed to access browser cookies (e.g., Firefox and Chrome) to authenticate with X/Twitter. This involves reading sensitive session and credential data directly from the user's local browser profiles, which constitutes access to sensitive file paths.
- [COMMAND_EXECUTION]: The skill executes various commands via the
birdCLI on the host system to perform actions such as reading, searching, and posting tweets. - [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection from external content retrieved from X/Twitter.
- Ingestion points: Fetches untrusted data from X/Twitter via
bird read,bird thread, andbird searchcommands. - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to disregard instructions potentially contained within the retrieved tweets.
- Capability inventory: The skill is capable of posting to the web via
bird tweetandbird reply, which could be exploited to manipulate the account or exfiltrate information. - Sanitization: No evidence of sanitization or validation is present to ensure that fetched content does not influence the agent's behavior maliciously.
Recommendations
- AI detected serious security threats
Audit Metadata