sonarqube-fix
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection because it processes output from the /sonarqube-check tool to perform automated code fixes. This surface is inherent to the skill's primary function and follows standard agent patterns.
- Ingestion points: Output from the /sonarqube-check skill as referenced in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are provided to the agent regarding the tool output.
- Capability inventory: The skill utilizes the /git-commit tool to persist changes to the codebase.
- Sanitization: No explicit validation or filtering of the scan results is defined within the skill instructions.
- [NO_CODE]: The skill consists entirely of high-level task instructions and does not ship with any scripts, binaries, or executable code, which significantly reduces its direct attack surface.
Audit Metadata