Well yes but actually no. Like @\why.bsky.team is saying, what's happening is that someone wrote custom code to do the mentioning Like That. The way you mention ppl on bsky is by adding "facets" (1 in the image) into your payload which contain mentions (or links or whatever) (2 in the image) BUT this is completely divorced from the actual text (3 in the image).
Mastodon is also vulnerable to this to an extent because if you know how to interact with ActivityPub directly, you can do Crimes like that too.
Bluesky is in a funny situation because the canonical way of interacting with it in code is a light wrapper around ATProto so it seems there's not a lot of guardrails around what clients can do.
I'm very curious to know how this is will get mitigated because the whole proposition of ATProto is that it's supposed to be a "general purpose" protocol like ActivityPub, with Bluesky being a client using it. Maybe they'll fix it because they want their protocol to be text-based stuff only? Who knows, I don't know.
In any case it is very funny because it's a good illustration of the programmer meme "if you only have UI-based protections around an edge-case, you basically have nothing".
