bitbucket-automation
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion and processing of external, untrusted data.
- Ingestion points: Untrusted data enters the agent context through tools such as
BITBUCKET_GET_PULL_REQUEST_DIFF,BITBUCKET_LIST_ISSUES, andBITBUCKET_LIST_REPOSITORIES_IN_WORKSPACE(via BBQL filtering). - Boundary markers: The instructions lack delimiters or specific warnings to the agent to disregard instructions embedded within the retrieved Bitbucket content.
- Capability inventory: The skill provides access to several powerful tools, including
BITBUCKET_DELETE_REPOSITORY,BITBUCKET_DELETE_ISSUE, andBITBUCKET_CREATE_PULL_REQUEST, which could be exploited via injection. - Sanitization: No data sanitization or validation procedures are defined for the content fetched from the remote repository before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server endpoint (
https://rube.app/mcp) to their client configuration to enable the Bitbucket toolkit functionality.
Audit Metadata