bitbucket-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read user-generated Bitbucket content (e.g., BITBUCKET_GET_PULL_REQUEST, BITBUCKET_GET_PULL_REQUEST_DIFF, BITBUCKET_LIST_ISSUES) from external Bitbucket workspaces as part of PR review and issue workflows, exposing it to untrusted third-party content that could influence subsequent actions.