bkt

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass secrets directly on the command line (e.g., --token <PAT> and mentions client secret env vars in a context where a user/agent might be instructed to paste secrets into commands), which requires embedding secret values verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and runs untrusted user-generated third-party content — e.g., "bkt extension install " and "bkt extension exec" (installing/executing arbitrary Git repos like https://github.com/user/bkt-formatter) and commands that read issue/PR comments, attachments, and pipeline logs (bkt issue comment/list, bkt pr comments, bkt pipeline logs, and bkt api) which the agent would read and could materially influence subsequent actions.