Skills
skills/gemini-cli-extensions/alloydb-omni/alloydb-omni-access-control/Gen Agent Trust Hub

alloydb-omni-access-control

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts use the npx utility to download and execute the @toolbox-sdk/server package from the npm registry. This occurs every time a script is run if the package is not cached.
  • [REMOTE_CODE_EXECUTION]: By fetching and running the @toolbox-sdk/server package at runtime, the skill performs remote code execution. The security of the skill is dependent on the integrity of this external package.
  • [COMMAND_EXECUTION]: The scripts utilize child_process.spawn to execute shell commands. On Windows platforms, the shell: true option is used, and user-provided arguments are passed into the command line, which may present a surface for command injection if input is not strictly validated by the agent.
  • [DATA_EXFILTRATION]: The scripts attempt to read and parse a .env file located at a relative path (../../../.env). This involves accessing sensitive local files that typically contain credentials, API keys, and other environment-specific secrets.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 05:18 AM