bluesky

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs logging in by passing an app password on the command line (bsky login --password ...), which requires the agent to handle and potentially output the secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and displays user-generated content from the public Bluesky service (bsky.app) — e.g., client.get_timeline, app.bsky.feed.search_posts, client.get_profile, and notification.list_notifications in scripts/bsky.py — so the agent ingests untrusted third‑party posts/notifications as part of its runtime workflow.