sonarqube
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the ability to execute various host CLI tools including Git, Docker, and the Sonar Scanner. Furthermore, the autonomous 'autofix' workflow grants the agent broad discretion to execute arbitrary project test commands (such as 'make test') for verification after applying code modifications.\n- [CREDENTIALS_UNSAFE]: The 'sonarqube.py' script manages Sonar authentication by reading and writing to a repo-local .env file. It automatically generates new SonarQube user tokens and persists them as 'SONAR_TOKEN' in plain text on the local filesystem, potentially exposing these credentials.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes issue descriptions and rules fetched from external SonarQube and SonarCloud REST APIs. Malicious content in these API responses could be used to influence the agent's code-fixing logic or command execution.\n
- Ingestion points: Findings and messages retrieved from Sonar REST APIs via 'sonarqube.py'.\n
- Boundary markers: None. The agent is directed to follow the findings to generate and execute a fix plan without isolation or safety delimiters for the external content.\n
- Capability inventory: Extensive file-system write access (to apply fixes) and arbitrary command execution capabilities (for test verification).\n
- Sanitization: No validation or sanitization is performed on the findings data before it is interpreted by the LLM as part of the fixing workflow.
Audit Metadata