cloud-sql-postgres-admin

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill exposes sensitive parameters like rootPassword and password as required script parameters and shows command examples embedding "<param_value>" directly in the JSON/CLI, which would force the LLM to include secret values verbatim in generated commands or code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). All scripts invoke npx to fetch and run the remote package @toolbox-sdk/server@1.1.0 (downloaded from the npm registry, e.g. https://registry.npmjs.org/@toolbox-sdk/server) at runtime, so remote code is downloaded and executed and the skill depends on it.