The Agent Skills Directory

[COMMAND_EXECUTION]: All scripts in the scripts/ directory utilize child_process.spawn with the shell: true option on Windows. The implementation for escaping user-provided arguments is insufficient, as it only handles double quotes and fails to account for other shell metacharacters such as ampersands (&), pipes (|), or redirection operators. This creates a vulnerability where malicious input provided to skill parameters (e.g., instance names or passwords) could lead to arbitrary command execution on the host system.
[EXTERNAL_DOWNLOADS]: The scripts use npx to download and execute the @toolbox-sdk/server@1.1.0 package from the NPM registry at runtime. While this is the intended deployment mechanism for the skill's core functionality, it involves the execution of externally hosted code.
[COMMAND_EXECUTION]: The mergeEnvVars function in each script is designed to read and parse a .env file located three directories above the script's path (../../../.env). This grants the skill access to sensitive environment variables and credentials stored in the user's broader project environment, which are then passed to the invoked subprocess.

cloud-sql-postgres-admin