sampling-bluesky-zeitgeist

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The SKILL.md workflow instructs the agent to execute npm install ws https-proxy-agent. This installs dependencies from the public npm registry at runtime without version pinning or integrity verification, creating a dependency on unverified external sources.
  • [COMMAND_EXECUTION] (LOW): The skill requires the execution of shell commands (node, cp, npm) to process data and manage assets. While these are necessary for the skill's functionality, they represent a standard attack surface for local command execution.
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to indirect prompt injection due to its core functionality of sampling the Bluesky firehose.
      ◦ Ingestion points: scripts/zeitgeist-sample.js ingests untrusted real-time post data from wss://jetstream1.us-east.bsky.network/subscribe.
      ◦ Boundary markers: Absent. The instructions do not provide delimiters or warnings for the agent to disregard instructions that may be embedded in the sampled social media posts.
      ◦ Capability inventory: The skill possesses the capability to write to the local filesystem (/mnt/user-data/outputs/zeitgeist.html) and to produce summaries that influence the agent's current context.
      ◦ Sanitization: The ZeitgeistSampler class performs basic tokenization for frequency analysis, but the samplePosts output retains the original raw text and alt-text, which are subsequently processed by the agent and included in the final HTML artifact.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 06:19 AM