atproto-annotations
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python scripts to perform ATProtocol operations such as writing, reading, and listing annotations.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the Bluesky PDS (bsky.social) and the PLC directory (plc.directory) to manage records and resolve identities. It also fetches content from user-provided URLs to extract page titles.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data which could potentially contain malicious instructions.
  - Ingestion points: Page titles are fetched from arbitrary URLs in scripts/annotate.py, and annotation records are retrieved from remote ATProtocol repositories in scripts/annotate.py.
  - Boundary markers: None detected. Fetched data is interpolated directly into output or records.
  - Capability inventory: The skill has network access via urllib.request.urlopen and can write data to the ATProtocol network.
  - Sanitization: Data is decoded as UTF-8 with replacement for errors, but no specific sanitization or escaping is applied to prevent instruction injection.
Audit Metadata