sonarqube-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill manages a potential attack surface for indirect prompt injection due to its core function of analyzing external content.\n
- Ingestion points: The agent ingests untrusted data through the
analyze_code_snippettool (which accepts raw code strings) and through the outputs of the SonarQube/SonarCloud API (issue messages, rule documentation, and metrics).\n - Boundary markers: There are no explicit requirements in the instructions to use specific delimiters or escaping mechanisms when the agent handles or interpolates this untrusted data into its context.\n
- Capability inventory: The agent has access to the
change_sonar_issue_statustool, which can modify the project's state in the external SonarQube system.\n - Sanitization: No specific sanitization procedures are mentioned for the data retrieved from external sources before it is processed by the agent.\n
- Mitigation: This surface is mitigated by the explicit instruction that the agent must never autonomously change an issue's status and must always wait for human verification and a documented reason.
Audit Metadata