autofix

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires the agent to execute and then include CodeRabbit's "🤖 Prompt for AI Agents" content and exact issue titles verbatim (shown in reports and PR comments), so if those prompts/comments contain secrets or credentials the LLM will be forced to echo them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches PR comments from Bitbucket using bkt pr comments (Step 3 / bitbucket.md) and explicitly extracts and "execute[s] CodeRabbit's agent prompt" from the "🤖 Prompt for AI Agents" block (Steps 4, 6, 7), so untrusted third-party PR comment content would be read and directly drive agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches PR comments at runtime via the Bitbucket CLI (bkt pr comments) from the Bitbucket API (e.g. https://api.bitbucket.org/) and then directly executes the "🤖 Prompt for AI Agents" content from those comments as instructions, so remote content controls agent prompts.