bitbucket

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent it "has access" to BITBUCKET_TOKEN and shows/instructs embedding that token into commands and a git remote URL (https://x-token-auth:${BITBUCKET_TOKEN}@...), which encourages including secret values verbatim in generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core behavior (SKILL.md and README.md) explicitly instructs the agent to "interact with Bitbucket repositories and pull requests using the BITBUCKET_TOKEN"—which requires fetching and reading repository data, PR descriptions, and comments from third-party Bitbucket repos (user-generated content) that can influence actions like commits, pushes, and PR creation.