bkt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to fetch and view content from third-party Bitbucket hosts (e.g., bkt pr view, bkt issue view --comments, bkt pipeline logs, bkt repo browse and the bkt api escape hatch against bitbucket.org or other hosts), which pulls user-generated PR/issue/comments/attachment content that the agent would read and that can materially influence actions like applying suggestions, merging PRs, or triggering pipelines.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires installing and running the "bkt" CLI and gives installation commands that fetch/execute remote code from the maintainer's GitHub (e.g. https://github.com/avivsinai/bitbucket-cli and https://github.com/avivsinai/scoop-bucket, and the go module path github.com/avivsinai/bitbucket-cli/cmd/bkt@latest), so these URLs are runtime external dependencies that can execute remote code.