The Agent Skills Directory

[DATA_EXFILTRATION]: The script scripts/bitbucket-api.mjs is vulnerable to credential exfiltration. The requestApi function attaches the Authorization header (containing either a Bearer token or Base64-encoded credentials) to outgoing requests. Because the toUrl function accepts and returns absolute URLs starting with http:// or https://, the script will send these sensitive credentials to any external domain provided as an argument. An attacker could exploit this by tricking the agent into making a request to a malicious server.
[COMMAND_EXECUTION]: The skill relies on a local Node.js script to perform API operations. This script lacks necessary validation to restrict network requests to trusted Bitbucket domains, which significantly increases the risk of the tool being misused for unauthorized data transmission.
[DATA_EXFILTRATION]: The skill instructions in SKILL.md reference absolute local file paths (e.g., /Users/tao.exe/Documents/...) for the helper script. This suggests the skill may be tailored for a specific, potentially insecure local environment, and hardcoding such paths is a poor security practice that can lead to unexpected execution behavior if the environment changes.

bitbucket-api-env