Bluesky Search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/search.py) call the public Bluesky API (https://public.api.bsky.app) to fetch and display user-generated posts, profiles, feeds, and threads (e.g., app.bsky.feed.searchPosts, getAuthorFeed, getPostThread), so it ingests untrusted third‑party social content that could carry indirect prompt-injection payloads.