Skills
skills/giuseppe-trisciuoglio/developer-kit/sonarqube-mcp/Snyk

sonarqube-mcp

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly queries SonarQube/SonarCloud APIs (see Prerequisites: SONARQUBE_URL / SonarCloud and SKILL.md Steps such as "search_sonar_issues_in_projects", "show_rule", "get_project_quality_gate_status", and "analyze_code_snippet"), and it reads and acts on returned issue/rule content as part of its workflow (triage, propose fixes, change issue status), so untrusted/user-generated data from public SonarCloud or arbitrary SonarQube instances could influence agent decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 11:33 AM
Issues
1