bkt

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example of passing a Personal Access Token on the command line (e.g., --token <PAT>), which instructs embedding secrets verbatim in commands and therefore encourages insecure handling/exfiltration of secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and read Bitbucket-hosted, potentially public/user-generated content (e.g., via commands like "bkt pr view", "bkt issue view --comments", "bkt pipeline logs", and the unrestricted "bkt api" escape hatch against hosts such as bitbucket.org), so untrusted third-party PRs/issues/comments/logs could be read and materially influence follow-up actions.