sonarqube
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli global npm package. This is a vendor-provided tool from Membrane used to facilitate secure communication with external APIs.
- [COMMAND_EXECUTION]: The skill executes several shell commands using the membrane CLI, such as membrane login, membrane connect, and membrane action run. These commands are necessary for the integration's functionality and are used within the scope of managing SonarQube data.
- [SAFE]: The skill demonstrates positive security practices by explicitly advising against asking for or storing user API keys, delegating all sensitive credential management to the Membrane platform's server-side authentication lifecycle.
Audit Metadata