bitbucket
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clifrom the NPM registry. This is an official vendor package required for the skill's core functionality. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line tool to perform actions like repository listing, issue management, and pull request creation. These operations are restricted to the context of the user's authenticated Bitbucket connections. - [DATA_EXFILTRATION]: While the skill ingests data from external Bitbucket sources (such as issues and pull request comments) which could theoretically contain indirect prompt injections, it uses structured CLI commands and vendor-managed connections which mitigate standard exfiltration risks.
Audit Metadata