The Agent Skills Directory

[SAFE]: The skill provides documentation for the legitimate bkt CLI tool developed by the vendor avivsinai. The capabilities provided are standard for repository management tools and include security-conscious designs such as secret scrubbing.- [COMMAND_EXECUTION]: The skill enables full administrative and operational control over Bitbucket instances through the bkt CLI. This includes a generic bkt api command for direct REST API interaction with Data Center or Cloud endpoints.- [REMOTE_CODE_EXECUTION]: The tool features a built-in extension system (bkt extension install) allowing users to clone and run executable code from Git repositories. Documentation states that sensitive configuration variables like authentication tokens are stripped from the environment before an extension is executed.- [EXTERNAL_DOWNLOADS]: The skill instructs the agent on how to download and install the bkt tool from official vendor sources including GitHub, Homebrew, and Scoop. It also facilitates downloading code through its plugin architecture.- [PROMPT_INJECTION]: The skill interacts with external, untrusted data by displaying pull request content, issue descriptions, and pipeline logs. This creates a surface for indirect prompt injection where malicious instructions embedded in a repository could influence the agent's context.
Ingestion points: Data enters through bkt pr view, bkt pr comments, bkt issue view, and bkt pipeline logs.
Boundary markers: No specific delimiters or safety instructions are used to separate remote content from agent commands.
Capability inventory: Extensive capabilities are present, including repository modification and extension execution.
Sanitization: No explicit sanitization or filtering of remote data is documented.

bkt