skills/avivsinai/bitbucket-cli/bkt/Gen Agent Trust Hub

bkt

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documents commands such as bkt extension install and bkt extension exec, which enable the cloning and execution of code from remote Git repositories.
  • [DATA_EXFILTRATION]: The tool handles sensitive Bitbucket authentication tokens (PATs and OAuth tokens). While it implements measures to strip these from the environment before running extensions, the core functionality requires access to these credentials to interact with Bitbucket APIs.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading the bkt CLI and its extensions from external sources, including GitHub and Bitbucket, with several references targeting the author's own repositories.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface as it retrieves content from Bitbucket (e.g., Pull Request descriptions and Issue bodies) and possesses the capability to perform sensitive actions like merging code or executing extensions.
  • Ingestion points: Untrusted data enters the agent's context through commands like bkt pr view, bkt issue view, and bkt pr list which fetch information from external Bitbucket servers.
  • Boundary markers: Not present. The skill does not instruct the agent to use delimiters or specific warnings when processing data fetched from Bitbucket.
  • Capability inventory: The skill allows the execution of shell commands, network operations via the bkt api command, and the execution of external code through the extension system.
  • Sanitization: Not specified. Content retrieved from Bitbucket is not explicitly sanitized or validated before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 08:37 AM
Security Audit — agent-trust-hub — bkt