bitbucket

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The set includes a direct raw GitHub install script (curl|sh) and a Scoop bucket repo (both can deliver and execute arbitrary binaries/scripts), which are high-risk distribution vectors even though the other links are internal Bitbucket-style URLs and not direct downloads.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill documentation explicitly provides admin-level backdoor-like capabilities to bypass Bitbucket review and merge protections (e.g., pr merge --bypass-review, temporarily setting required-approvals to 0, and deleting reviewer conditions), and includes risky operational guidance (curl | sh install, tls_skip_verify: true, cached 1Password tokens) that can be abused for unauthorized merges, policy circumvention, and supply-chain or MITM attacks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets Bitbucket pull requests, diffs, and PR activity (including user comments) via the orbit CLI as shown in SKILL.md under "Working with Pull Requests" and "View PR activity" and it also accepts Bitbucket Server URLs to extract project/repo info, meaning untrusted user-generated content from those PRs/comments can materially influence approve/merge actions.