sonarqube

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and displays user-generated SonarQube data from a configurable SONARQUBE_URL (see scripts/sonarqube-issues.sh, sonarqube-hotspots.sh, sonarqube-quality-gate.sh and sonarqube-api.sh) and the agent is expected to read/act on that content (e.g., decide fixes or perform transitions), so untrusted third‑party content can materially influence actions.