alloydb-omni-data

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts use npx to download and execute the @toolbox-sdk/server package (version 1.1.0) from the npm registry.
  • [COMMAND_EXECUTION]: Database operations are performed by spawning sub-processes to invoke the toolbox server. The implementation includes platform-specific logic for command invocation and argument escaping on Windows and Linux.
  • [PROMPT_INJECTION]: The skill processes untrusted database content, which creates a surface for indirect prompt injection.
      • Ingestion points: SQL query results and database schema metadata returned by all scripts.
      • Boundary markers: Absent; database output is processed and returned directly to the agent.
      • Capability inventory: Shell command execution via npx is available across all script files.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the database.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:18 AM
Security Audit — agent-trust-hub — alloydb-omni-data