sonarqube

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates the analysis pipeline by executing system commands for git, docker, and sonar-scanner using Python's subprocess module with safe argument list handling.
  • [EXTERNAL_DOWNLOADS]: Pulls the official SonarQube community Docker image and communicates with SonarCloud APIs to fetch analysis results. These are well-known technology services.
  • [DATA_EXFILTRATION]: Transmits source code metadata and properties to external Sonar endpoints for analysis, which is the core functionality of the skill.
  • [PROMPT_INJECTION]: Processes external data from Sonar APIs, such as issue descriptions and rule metadata, which are then used by the agent to perform autonomous code fixes. This identifies an ingestion surface for indirect instructions, mitigated by the trusted nature of the data source.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 08:44 AM