cloud-sql-mysql-data

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts in this skill use the Node.js child_process.spawn function to execute external commands. Specifically, they invoke npx (or npx.cmd on Windows) to launch a toolbox server component.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the @toolbox-sdk/server package (version 1.1.0) from the NPM registry at runtime. NPM is a well-known public registry used for managing software dependencies.
  • [CREDENTIALS_UNSAFE]: The mergeEnvVars function in the scripts reads sensitive environment variables, such as CLOUD_SQL_MYSQL_PASSWORD, from a .env file located in the project's root directory. These credentials are required to authenticate the toolbox server with the MySQL database instance.
  • [PROMPT_INJECTION]: The execute_sql and get_query_plan tools accept raw SQL strings as input parameters. This creates a surface for indirect prompt injection where an agent might be manipulated into executing malicious SQL commands if it processes untrusted data.
      • Ingestion points: The sql and sql_statement parameters in the execute_sql.js and get_query_plan.js scripts.
      • Boundary markers: No specific delimiters or safety instructions are used to wrap the SQL input to prevent the agent from executing embedded instructions.
      • Capability inventory: The skill provides full capabilities to read from and write to the connected MySQL database via the execute_sql tool.
      • Sanitization: No input validation or sanitization is performed on the SQL strings within the wrapper scripts before they are passed to the underlying execution engine.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:18 AM