The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: All scripts in the skill utilize the npx utility to download and execute the @toolbox-sdk/server@1.1.0 package from the public NPM registry during execution.- [COMMAND_EXECUTION]: The skill uses child_process.spawn to run commands. In Windows environments, it enables shell execution and applies a sanitization routine that escapes double quotes in user-provided arguments to mitigate command injection risks.- [DATA_EXPOSURE]: The scripts contain logic to search for and read .env files in parent directories (../../../.env) to load sensitive credentials such as CLOUD_SQL_MYSQL_PASSWORD and CLOUD_SQL_MYSQL_USER for database operations.- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied parameters directly into shell commands. Ingestion points: Input parameters received via process.argv in all scripts (e.g., clone_instance.js, restore_backup.js). Boundary markers: None identified. Capability inventory: child_process.spawn with shell access enabled on Windows. Sanitization: Includes a basic quote-doubling escape mechanism for Windows shell compatibility.

cloud-sql-mysql-lifecycle