pp-bird

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the bird-pp-cli tool using npx -y @mvanhorn/printing-press and go install from github.com/mvanhorn/printing-press-library. These are vendor-owned resources associated with the skill's author.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute the bird-pp-cli binary within a bash environment to perform messaging and administrative tasks.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature that allows output to be POSTed to an external URL. This is a documented functionality for automation but could be used as an exfiltration vector if the agent is directed to an untrusted endpoint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the Bird API and local CSV files.
  • Ingestion points: Message bodies fetched via sms search and conversations timeline, and CSV files used in sms send-batch in the file SKILL.md.
  • Boundary markers: Absent. There are no instructions to the agent to treat external content as untrusted or to ignore embedded commands.
  • Capability inventory: The agent has access to Read Bash in SKILL.md, allowing it to execute the CLI tool which can perform network operations via webhooks and potentially write files.
  • Sanitization: Absent. The skill does not mention any validation or filtering of the content retrieved from external sources before presenting it to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:58 PM
Security Audit — agent-trust-hub — pp-bird