backfilling-atproto
Warn
Audited by Snyk on Feb 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill directly fetches and processes user-generated ATProto content from public third‑party endpoints (e.g., https://public.api.bsky.app, https://plc.directory/{did}, and PDS endpoints such as https://comind.network/xrpc/com.atproto.repo.listRecords), so it ingests untrusted third‑party content that could carry indirect prompt injections.