bitbucket-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Bitbucket repositories while possessing significant write-access capabilities.
- Ingestion points: The agent retrieves untrusted content via tools such as BITBUCKET_GET_PULL_REQUEST_DIFF, BITBUCKET_GET_PULL_REQUEST, and BITBUCKET_LIST_ISSUES.
- Boundary markers: There are no specific instructions or delimiters mentioned to isolate ingested data from the agent's command logic.
- Capability inventory: The skill has the ability to perform destructive actions like BITBUCKET_DELETE_REPOSITORY and create content via BITBUCKET_CREATE_PULL_REQUEST_COMMENT.
- Sanitization: No sanitization or content validation steps are defined for the data fetched from external sources.
Audit Metadata