Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external command-line utilities, specifically the
birdCLI tool andsmaug(vianpx), to perform actions like fetching tweets and managing archives. - [EXTERNAL_DOWNLOADS]: Setup instructions require the installation of third-party software from external sources, including a Homebrew tap (
steipete/tap/bird) and an NPM package (@steipete/bird), which are not from a verified trusted organization. - [DATA_EXFILTRATION]: The skill accesses sensitive local files, such as
~/.config/env/global.envand.envfiles, to retrieve X API credentials (Bearer tokens and OAuth keys) required for communication with the official X API. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes and displays untrusted content (tweets) from external sources.
- Ingestion points: Untrusted data is ingested via the X API and the
birdscraping tool. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched tweet content as data rather than instructions.
- Capability inventory: The skill possesses capabilities for network communication, file system operations (reading credentials and writing research files), and subprocess execution.
- Sanitization: The skill performs basic formatting and truncation of tweet text but lacks robust sanitization to prevent adversarial instructions within tweets from influencing the agent's behavior.
Audit Metadata