pp-bird
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `bird-pp-cli` tool using `npx -y @mvanhorn/printing-press` and `go install` from `github.com/mvanhorn/printing-press-library`. These are vendor-owned resources associated with the skill's author.
- [COMMAND_EXECUTION]: The skill's primary function is to execute the `bird-pp-cli` binary within a bash environment to perform messaging and administrative tasks.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver webhook:<url>` feature that allows output to be POSTed to an external URL. This is a documented functionality for automation but could be used as an exfiltration vector if the agent is directed to an untrusted endpoint.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the Bird API and local CSV files.
  - Ingestion points: Message bodies fetched via `sms search` and `conversations timeline`, and CSV files used in `sms send-batch` in the file SKILL.md.
  - Boundary markers: Absent. There are no instructions to the agent to treat external content as untrusted or to ignore embedded commands.
  - Capability inventory: The agent has access to `Read Bash` in SKILL.md, allowing it to execute the CLI tool which can perform network operations via webhooks and potentially write files.
  - Sanitization: Absent. The skill does not mention any validation or filtering of the content retrieved from external sources before presenting it to the agent.
Audit Metadata