sonarcloud-link-inspector
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves project metadata and issue details from sonarcloud.io or sonarqube.us (or a user-configured endpoint), which are well-known services for code quality and security analysis.
- [CREDENTIALS_UNSAFE]: Authentication is managed through the SONARCLOUD_TOKEN environment variable, following standard security practices for API secret management.
- [COMMAND_EXECUTION]: The skill is implemented in Python and performs standard API interactions; it does not invoke arbitrary shell commands or use unsafe execution functions like eval() or exec().
- [PROMPT_INJECTION]: Instructions in SKILL.md are strictly operational and do not attempt to override agent safety guidelines or system prompts.