bird
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installation of the @steipete/bird NPM package and a third-party Homebrew tap (steipete/tap/bird), which are external dependencies from a source not listed as a trusted vendor.
- [CREDENTIALS_UNSAFE]: The tool is designed to manage and utilize sensitive authentication data, including --auth-token and --ct0 cookies. It specifically provides mechanisms to extract these secrets from local browser profile directories (Chrome, Firefox, Arc).
- [COMMAND_EXECUTION]: The skill performs command-line operations to interact with X/Twitter APIs. Automating these commands (e.g., bird tweet, bird follow) based on data retrieved from the web carries operational risk.
- [INDIRECT_PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection.
- Ingestion points: External data enters the context through bird read, bird search, bird home, and bird mentions as described in SKILL.md.
- Boundary markers: Absent; there are no instructions or delimiters provided to prevent the agent from obeying instructions embedded in tweets.
- Capability inventory: The skill includes high-impact capabilities such as bird tweet, bird reply, bird follow, and bird unfollow across the CLI implementation.
- Sanitization: Absent; no evidence of content filtering or escaping of fetched tweet data is present in the skill definition.
Audit Metadata