sonarqube-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or data exfiltration techniques were detected in the skill metadata or body.
- [COMMAND_EXECUTION] (LOW): The skill references standard development commands (git diff, pnpm test, pnpm build, tsc) used for local code quality checks and validation. These are appropriate for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS] (LOW): The GitHub Actions example references official actions (actions/checkout, sonarsource/sonarqube-scan-action). While sonarsource is not on the explicit trusted list, it is the primary vendor for the tool described and the reference is informational within a configuration example.