atproto-annotations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web pages and public ATProtocol user data (see SKILL.md "When annotating a document or webpage: 1. Fetch and read the full content first" and scripts/annotate.py's fetch_page_title, list_annotations, and resolve_pds/plc.directory calls), so untrusted third-party content can influence annotation generation and subsequent actions.