skills/maragudk/skills/bluesky/Gen Agent Trust Hub

bluesky

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The skill utilizes the bsky CLI tool to post content. This introduces a potential command injection risk if the agent interpolates untrusted data from repositories into the shell command without proper escaping or sanitization.
  • [Data Exposure & Exfiltration] (LOW): The skill's primary purpose is to send data to an external service (Bluesky). While it explicitly warns against posting content from private repositories, there is an inherent risk of accidental data exposure if the agent misinterprets sensitive strings in public repositories as shareable content.
  • [Indirect Prompt Injection] (LOW): The skill encourages the agent to proactively scan public repositories for 'interesting' content. This creates a surface where an attacker could place malicious instructions in repository files, commit messages, or metadata to influence the agent's posting behavior.
      • Ingestion points: Public repositories (milestones, technical insights, and project updates) as specified in SKILL.md.
      • Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the discovered repository content.
      • Capability inventory: Command execution via bsky post and network transmission to the Bluesky API.
      • Sanitization: Absent; the workflow does not provide instructions for validating or sanitizing content extracted from the environment before use.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM