sonarcloud-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the public SonarCloud API (e.g., /api/issues/search and /api/sources/raw) to ingest issue messages, hotspots, and raw source code—which are user-generated/untrusted—and the SKILL.md workflow requires processing those responses to drive analysis and actionable recommendations, so third-party content can materially influence agent decisions.