bird
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@steipete/bird` package from the npm registry. This is a third-party dependency not originating from a pre-approved trusted organization.
- [CREDENTIALS_UNSAFE]: To function, the skill requires the user to provide sensitive Twitter authentication cookies (`auth_token` and `ct0`). These are high-value session identifiers that grant full access to the user's account.
- [COMMAND_EXECUTION]: The skill operates by executing the `bird` CLI tool through subprocess commands to perform actions such as reading timelines, searching, and posting tweets.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted content from the internet (X/Twitter posts) and has the capability to perform actions like posting and following.
  - Ingestion points: Commands such as `bird read`, `bird home`, `bird search`, and `bird mentions` pull external data into the agent's context.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are documented for the data ingestion.
  - Capability inventory: The skill can execute various subprocess commands, including account engagement (`follow`, `unfollow`, `like`) and content creation (`tweet`, `reply`).
  - Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed by the agent.
- [PRIVILEGE_ESCALATION]: The installation instructions recommend manual modification of `/etc/environment` for proxy settings, which is a system-wide configuration change requiring elevated privileges.
Audit Metadata