bitbucket
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill instructs the agent to embed the BITBUCKET_TOKEN environment variable directly into the Git remote URL using 'git remote set-url'. This practice stores the sensitive token in plain text within the .git/config file on the local filesystem, which is an unsafe credential storage method that exposes the token to any process or user with filesystem access.
- [COMMAND_EXECUTION] (LOW): The skill provides templates for executing bash commands including git and curl to perform repository management and API interactions. These are necessary for the skill's primary purpose.
- [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill is vulnerable to instructions hidden in repository metadata.
  1. Ingestion points: Repository remote info and branch names via 'git remote -v' and 'git branch'.
  2. Boundary markers: Absent; there are no delimiters or warnings to ignore instructions in the data.
  3. Capability inventory: Network access via curl and repository modification via git push.
  4. Sanitization: Absent; the skill does not validate or sanitize metadata before processing it.
Audit Metadata