The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides an interface to the bkt CLI tool, enabling the agent to perform extensive operations on Bitbucket Cloud and Data Center instances.
Evidence: Commands found throughout SKILL.md and all files in the rules/ directory (e.g., bkt pr create, bkt repo clone).
[EXTERNAL_DOWNLOADS]: Installation instructions refer to the official repositories of the author (avivsinai) on GitHub, Homebrew, and Scoop.
Evidence: brew install avivsinai/tap/bitbucket-cli, scoop bucket add avivsinai https://github.com/avivsinai/scoop-bucket, and links to github.com/avivsinai/bitbucket-cli/releases in SKILL.md.
[REMOTE_CODE_EXECUTION]: The skill includes functionality for managing CLI extensions which involves cloning Git repositories and executing the binaries contained within.
Evidence: bkt extension install <repository> and bkt extension exec <name> in rules/extension.md.
[DATA_EXFILTRATION]: Authentication credentials are managed via the OS keychain or environment variables, with warnings against insecure command-line flag usage.
Evidence: bkt auth login documentation in rules/auth.md and BKT_TOKEN environment variable usage in rules/headless.md.
[PROMPT_INJECTION]: The skill processes untrusted content from Bitbucket that could contain malicious instructions.
Ingestion points: Pull request descriptions (rules/pr.md), comments (rules/pr.md), and pipeline logs (rules/pipeline.md).
Boundary markers: None explicitly defined in the provided markdown instructions.
Capability inventory: Subprocess execution via the bkt binary.
Sanitization: No specific sanitization or filtering is mentioned for incoming Bitbucket data.

bkt