sonarqube-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses data from a user-specified SonarQube server (SONAR_HOST_URL) — e.g., scripts/scan_branch.py and SKILL.md show polling /api/ce/task and calling /api/qualitygates/project_status and /api/issues/search — and it uses those responses to determine quality-gate results and exit behavior, so untrusted third-party content can materially influence actions.