cloud-sql-mysql-admin

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: All scripts in the scripts/ directory run npx --yes @toolbox-sdk/server@1.1.0, which downloads and executes code from an external package registry at runtime rather than shipping it with the package. The version is pinned, but --yes suppresses npx's install confirmation, so the fetch and execution happen without any user interaction.
  • [COMMAND_EXECUTION]: On Windows the scripts invoke child_process.spawn with the shell: true option, so the argument array is joined into a single command line and interpreted by cmd.exe. The argument sanitization the scripts apply is insufficient for that interpreter: an input parameter containing shell metacharacters can terminate the intended command and start another, i.e. command injection.
  • [DATA_EXPOSURE]: The mergeEnvVars function in each script reads and parses a .env file at ../../../.env relative to the script's directory, a location outside the package's own tree. This pulls a sensitive environment configuration file (typically credentials and connection settings) from the local filesystem into the script's environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 05:18 AM