atproto-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests public, user-generated social media content from Bluesky/AT Protocol endpoints (e.g., https://bsky.social/xrpc/... for feeds/threads and wss://bsky.network/xrpc/com.atproto.sync.subscribeRepos for the firehose), which the agent parses and interprets as part of its workflow, exposing it to untrusted third‑party content that could enable indirect prompt injection.