bitbucket-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md core workflows explicitly call Bitbucket tools such as BITBUCKET_GET_PULL_REQUEST, BITBUCKET_GET_PULL_REQUEST_DIFF, BITBUCKET_LIST_ISSUES and similar (under "Manage Pull Requests" and "Manage Issues"), which fetch user-generated/untrusted content (PR descriptions, diffs, issue comments) from Bitbucket and the agent is expected to read and act on that content as part of its workflow.