bitbucket
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that involve downloading and executing a shell script from the author's GitHub repository (https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh) via a pipe-to-shell pattern. As this is the vendor's official installation method for the required CLI, it is documented but treated as standard setup.
- [COMMAND_EXECUTION]: The skill extensively uses the `orbit` CLI to perform actions on Bitbucket repositories, including repository management, pull request operations, and administrative configuration updates.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and displays untrusted content from Bitbucket, such as pull request descriptions and comments.
- Ingestion points: Untrusted data enters the agent context through the `orbit ... bb pr view`, `orbit ... bb pr activity`, and `orbit ... bb pr list` commands.
- Boundary markers: No explicit delimiters or instructions are used to separate user-provided pull request content from system instructions.
- Capability inventory: The agent can execute a wide range of `orbit` CLI commands, including modifying repository settings and merging pull requests.
- Sanitization: No evidence of sanitization or validation of the content retrieved from Bitbucket APIs.
Recommendations
- HIGH: Downloads and executes remote code from https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh. DO NOT USE without thorough review.
Audit Metadata