alloydb-omni-optimize

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE · EXTERNAL_DOWNLOADS · REMOTE_CODE_EXECUTION · COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts use npx --yes to download and execute the @toolbox-sdk/server package from the public NPM registry at runtime. This package is pinned to version 1.1.0 and is an official component associated with the skill's functionality.
  • [REMOTE_CODE_EXECUTION]: By invoking the @toolbox-sdk/server package through npx, the skill executes code that is fetched from the registry at runtime. This mechanism is the intended design for the toolbox-based implementation of the database management tools.
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to execute shell commands. It implements platform-specific logic (e.g., using npx.cmd on Windows) and applies quoting/escaping to parameters passed from the agent to the underlying CLI tool.
  • [SAFE]: The skill follows security best practices for credential management by loading sensitive information, such as ALLOYDB_OMNI_PASSWORD, from a local .env file instead of hardcoding secrets or requiring them as plain-text inputs. It specifically includes logic to detect and parse these files from the project directory tree.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 29, 2026, 05:18 AM