bitbucket-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from Bitbucket (e.g., via BITBUCKET_GET_PULL_REQUEST_DIFF, BITBUCKET_GET_PULL_REQUEST, BITBUCKET_LIST_ISSUES and related list/get endpoints), meaning the agent will read repository diffs, PR comments, and issue content from a third-party service that can contain untrusted text and thus enable indirect prompt injection.