atlassian-cli

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Bitbucket CLI tool (bkt) documented in this skill includes commands to install extensions from arbitrary GitHub repositories (bkt extension install <repo>) and execute them (bkt extension exec <name>). This mechanism allows for the delivery and execution of untrusted code at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill directs the installation of several command-line tools from unverified third-party individual developers (e.g., ankitpokhrel, pchuri, avivsinai) through various package managers including npm, Homebrew, Scoop, and Go. These tools are not official Atlassian products.
  • [CREDENTIALS_UNSAFE]: The authentication setup instructions explicitly recommend exporting sensitive credentials like JIRA_API_TOKEN and CONFLUENCE_API_TOKEN into shell configuration files (~/.zshrc or ~/.bashrc). This practice stores secrets in plain text on the file system and potentially exposes them to other processes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external collaborative platforms like Jira, Confluence, and Bitbucket.
      • Ingestion points: Commands like jira issue view, confluence read, and bkt pr view bring attacker-controlled content from issue descriptions, wiki pages, and pull request comments into the agent's context.
      • Boundary markers: Absent. The skill provides no instructions to the agent to distinguish between the skill's instructions and the content retrieved from Atlassian services.
      • Capability inventory: The skill has broad capabilities including installing packages, executing shell commands, and modifying remote resources.
      • Sanitization: Absent. There is no evidence of content sanitization or validation before processing or displaying the retrieved data.
  • [COMMAND_EXECUTION]: The skill relies heavily on shell command execution for its core functionality and includes a mechanism for executing arbitrary extension code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 08:18 AM