Steps to reproduce:
- Create a new branch
- Commit code with a commit message a. We are using SourceTree but should happen with git cli as well b. If it's a single commit it uses the commit message as the title. We copy paste to description but If we have multiple commits, the messages fill the description section.
Either way, if the @ symbol is in a commit message in the description section of a pull request the system makes a random reference to a user account outside of our team.
First occurrence was a link to https://bitbucket.org/Section/profile/teams because of @ section was used in our commit message (php laravel blade template language)
Second occurrence to test the theory pull-requests: 86 on affiliate repository Links to https://bitbucket.org/extrazozer/ because of @ extrazozer made the connection
I want to make sure this does not give access to these users to our code. I was unable to find any link back to this reference from the /extrazozer account