bkt

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the bkt CLI tool from a GitHub repository (avivsinai/bitbucket-cli) not associated with a trusted organization.
  • [REMOTE_CODE_EXECUTION]: The bkt extension install <repo> command allows downloading and executing code from arbitrary GitHub repositories, creating a vector for remote code execution.
  • [COMMAND_EXECUTION]: The skill uses numerous shell commands for Bitbucket operations and tool installation (brew, scoop, go install), creating a broad command execution surface.
  • [DATA_EXFILTRATION]: The bkt api command enables raw network requests to Bitbucket endpoints, which could be misused to exfiltrate data to unauthorized servers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data (PRs, issues, comments) from Bitbucket.
  • Ingestion points: bkt pr list, bkt pr view, bkt issue list, bkt pipeline logs (Files: SKILL.md, references/commands.md).
  • Boundary markers: None present.
  • Capability inventory: Shell execution, extension installation, Bitbucket API access.
  • Sanitization: No sanitization of external data was identified.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 07:37 AM