alloydb-postgres-monitor

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill scripts invoke npx to fetch and execute the remote npm package @toolbox-sdk/server@1.1.0 at runtime (e.g. via npx --yes @toolbox-sdk/server@1.1.0 ...), which downloads and runs remote code that the scripts rely on, so this is a runtime external dependency that executes remote code: https://www.npmjs.com/package/@toolbox-sdk/server