bitbucket
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages authentication using environment variables (BITBUCKET_API_TOKEN), which is a recommended practice for secure secret handling.
- [SAFE]: All external network requests are directed to bitbucket.org, a well-known and trusted source control service.
- [COMMAND_EXECUTION]: The skill uses the 'af' (and 'bb' alias) command-line tool to perform operations. This tool is a vendor-provided resource for interacting with Bitbucket Cloud.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to process external data that could contain malicious instructions.
- Ingestion points: Pull request titles, descriptions, comments, and code diffs retrieved via commands like 'af bb pr get' or 'af bb pr diff'.
- Boundary markers: There are no explicit instructions in the skill to use delimiters or ignore instructions embedded within the Bitbucket content.
- Capability inventory: The agent can perform significant actions including merging pull requests, declining pull requests, and triggering Bitbucket Pipelines.
- Sanitization: The skill does not specify any sanitization or validation of the content retrieved from Bitbucket before it is processed by the agent.
Audit Metadata