fix-sonarqube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to a remote SonarQube MCP server at https://sonarqube-mcp.bitso.io/mcp (SKILL.md Quick Start) and its MCP tools (references/mcp-tools.md — e.g., get_raw_source, analyze_code_snippet, search_sonar_issues_in_projects, change_sonar_issue_status) fetch and analyze user-generated source/issue data from that server which the agent is expected to read and can drive actions, so untrusted third-party content could influence behavior.