sonarqube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches issues from SonarCloud or a SonarQube/MCP server (see skills/sonarqube/SKILL.md and skills/sonarqube/scripts/sonarqube.py: fetch_cloud_issues / fetch_issues and the cloud/MCP workflow), ingests those external, untrusted findings into findings.json, and then uses them to drive autonomous “fix” decisions, so third‑party content can directly influence agent actions.