bitbucket-automation

SUSPICIOUS: The skill’s Bitbucket automation purpose matches its capabilities, but it routes OAuth and all Bitbucket operations through a third-party hosted MCP service controlled by Composio/Rube rather than direct Atlassian APIs. That makes the footprint coherent but raises medium security risk due to credential delegation, broad workspace/admin scope, and remote service trust outside the skill publisher.