bluesky-reader
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads external data from Bluesky posts via a public API, which creates a surface for indirect prompt injection where malicious content in a post could attempt to influence agent behavior.
- Ingestion points: Untrusted content is fetched from the AT Protocol public API endpoint https://public.api.bsky.app/xrpc/app.bsky.feed.getAuthorFeed.
- Boundary markers: No delimiters or isolation instructions are specified in the skill documentation to separate post content from agent instructions.
- Capability inventory: The skill uses the Bash tool to execute python3 scripts for data retrieval and local keyword filtering.
- Sanitization: No sanitization, filtering, or validation of the external API response content is described in the markdown.
Audit Metadata