The Agent Skills Directory

[DATA_EXFILTRATION]: The skill implements secure credential management practices.
Evidence: In scripts/bsky.py, the save_config function applies os.chmod(CONFIG_PATH, 0o600) to the configuration file, ensuring it is only accessible by the current user.
Evidence: The cmd_login command is designed to store only the session token returned by the server, explicitly avoiding the storage of the user's app password on disk.
[EXTERNAL_DOWNLOADS]: The skill uses official and well-known libraries for its functionality.
Evidence: The requirements.txt file specifies atproto, which is the recognized library for the AT Protocol. Dependencies are managed via standard package registries.
[COMMAND_EXECUTION]: Static analysis detected subprocess.run calls, but they are limited to the test environment.
Evidence: In tests/test_cli.py, subprocess.run is used to execute the local bsky.py script for unit testing purposes (e.g., checking the --version and --help flags). This does not involve unsanitized user input in the production code path.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, which is managed at a safe level for its intended purpose.
Ingestion points: The skill reads external data from the Bluesky network via cmd_timeline, cmd_search, and cmd_notifications in scripts/bsky.py.
Boundary markers: Output is printed as plain text without specialized boundary delimiters.
Capability inventory: The agent can post and delete content on behalf of the user.
Sanitization: While the skill does not implement natural language sanitization for the feed content it displays, this is a standard characteristic of social media clients and does not represent a malicious design in the skill itself.

bluesky