The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill provides instructions to run "git remote set-url origin https://x-token-auth:${BITBUCKET_TOKEN}@bitbucket.org/username/repo.git". This practice results in the sensitive BITBUCKET_TOKEN being stored in plain text within the .git/config file on the local file system, which poses a significant credential exposure risk if the environment is shared or persistent.
[COMMAND_EXECUTION]: The skill utilizes shell commands such as "git" and "curl" to manage repositories and interact with the Bitbucket API. While these tools are necessary for the skill's primary purpose, they involve direct command execution on the host environment.
[PROMPT_INJECTION]: The skill's functionality for interacting with pull requests and external repositories creates a surface for indirect prompt injection. * Ingestion points: Data retrieved from Bitbucket API responses and git repository contents (SKILL.md, README.md). * Boundary markers: Absent; the instructions do not specify any delimiters or safety markers to differentiate between system instructions and untrusted content from the repository. * Capability inventory: The skill can execute "git" and "curl" for file system and network operations. * Sanitization: No sanitization or validation mechanisms are described for external data before it is integrated into the agent's context.

bitbucket