bitbucket
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides standard `git` and `curl` command templates for interacting with Bitbucket repositories and its REST API (e.g., `git push`, `curl` with authorization headers).
- [PROMPT_INJECTION]: The instructions include behavioral directives wrapped in `<IMPORTANT>` tags (e.g., "ALWAYS use the Bitbucket API for operations instead of a web browser"). These are benign operational constraints intended to ensure the agent uses the provided tools correctly.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its interaction with external repository data.
  - Ingestion points: Reads repository content and pull request data from Bitbucket (SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded content are used when processing external data.
  - Capability inventory: The skill can execute arbitrary `git` and `curl` commands and utilize the `create_bitbucket_pr` tool (SKILL.md).
  - Sanitization: No explicit sanitization or validation of ingested content is mentioned.
- [CREDENTIALS_UNSAFE]: The skill references the `BITBUCKET_TOKEN` environment variable and suggests a troubleshooting step to embed this token into the git remote URL via `git remote set-url`. While this persists the sensitive token in the local `.git/config` file, it is a standard practice for authenticating git CLI operations when SSH is unavailable, and the token itself is sourced from an environment variable rather than being hardcoded.
Audit Metadata