bird
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'bird' CLI utility from third-party sources via 'npm install -g @steipete/bird' and 'brew install steipete/tap/bird'. These repositories are managed by an external maintainer and are not part of the trusted vendors list.
- [COMMAND_EXECUTION]: The skill relies on executing the 'bird' binary to perform all operations, including reading data and posting updates. This grants the agent the ability to execute any command supported by the 'bird' CLI.
- [DATA_EXFILTRATION]: The skill handles sensitive authentication data by requiring '--auth-token' and '--ct0' cookies. It also supports accessing local browser databases and profile directories (e.g., '--chrome-profile-dir') to extract session cookies, which poses a risk of exposing personal authentication credentials to the agent environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes untrusted data from external X/Twitter timelines and search results.
- Ingestion points: Data enters the agent context through 'bird read', 'bird search', 'bird home', and 'bird news' (via 'SKILL.md').
- Boundary markers: There are no explicit boundary markers or instructions to ignore commands embedded in the retrieved tweets.
- Capability inventory: The agent possesses the capability to 'bird tweet', 'bird reply', 'bird follow', and 'bird unfollow', allowing for automated engagement based on potentially malicious input.
- Sanitization: No sanitization or filtering of tweet content is defined before the data is passed to the agent for processing.
Audit Metadata