bluesky-jetstream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill connects to the public Bluesky Jetstream WebSocket (e.g., wss://jetstream2.us-east.bsky.network/subscribe) and ingests user-generated posts into the agent's memory/substrate (see ingest-to-substrate), so it clearly consumes untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill opens runtime WebSocket connections to wss://jetstream2.us-east.bsky.network/subscribe (and backup wss://jetstream1.us-west.bsky.network/subscribe) and explicitly injects incoming posts as ':user' control artifacts into the agent memory/substrate, which can directly influence agent prompts and behavior.