sonarqube-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill's instructions do not contain any patterns designed to bypass agent safety filters, override system instructions, or extract system prompts.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys or tokens are present. The documentation correctly identifies the need for environment variables (
SONARQUBE_TOKEN) and provides secure setup instructions. - [EXTERNAL_DOWNLOADS]: The skill references the official SonarSource GitHub repository for the MCP server and its official Docker Hub image. These are well-known and trusted sources for the integrated service.
- [DATA_EXFILTRATION]: No patterns of unauthorized data harvesting or transmission to non-whitelisted domains were identified. Tool outputs are directed back to the agent for user presentation.
- [INDIRECT_PROMPT_INJECTION]: The skill includes functionality to ingest and analyze external code snippets, which represents a potential surface for indirect injection.
- Ingestion points: The
analyze_code_snippettool (documented inSKILL.mdandreferences/llm-context.md) accepts afileContentparameter containing untrusted code. - Boundary markers: Not explicitly implemented in the instruction set for tool parameters.
- Capability inventory: The agent has the ability to view project status, search issues, and update issue states using
change_sonar_issue_status. - Sanitization: No explicit sanitization steps for the input code are detailed, but the skill mandates user confirmation for status changes.
- [COMMAND_EXECUTION]: The skill operates entirely through structured MCP tools and does not attempt to execute arbitrary shell commands or manipulate the host filesystem beyond the allowed scope.
Audit Metadata