bitbucket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses Membrane to run Bitbucket actions and proxy Bitbucket API requests (e.g., "list-pull-request-comments" and the "membrane request CONNECTION_ID /path/to/endpoint" instructions in SKILL.md), which causes the agent to fetch and read user-generated Bitbucket content (issues, PR comments, commits) that could contain untrusted instructions influencing follow-up actions.