sonarqube
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell scripts to execute
curlfor API communication andjqfor parsing JSON data. These tools are used within the expected scope of the skill's functionality. - [DATA_EXFILTRATION]: The skill accesses a sensitive configuration file located at
~/.boring/sonarqube/token. This file stores the SonarQube user token required for authentication. This access is documented as part of the vendor's configuration setup and follows best practices such as recommendingchmod 600for the file. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data from an external source (SonarQube API).
- Ingestion points: Untrusted data enters the agent context through API responses in
sonarqube-issues.sh,sonarqube-coverage.sh,sonarqube-hotspots.sh, andsonarqube-quality-gate.sh. - Boundary markers: There are no explicit delimiters or warnings to the agent to ignore instructions embedded within the SonarQube issue messages or project metadata.
- Capability inventory: The skill possesses capabilities to perform network requests (GET/POST) and modify issue states via
sonarqube-transition.sh. - Sanitization: While the skill uses
jqto ensure valid JSON structure, it does not perform semantic sanitization or filtering of the text content retrieved from the API.
Audit Metadata